Change information
Commit message:
crypto/tls: omit PSK in ECH outer client hello
When using ECH, do not include the PSK extension in the outer hello.
Including the PSK extension allows for a degradation in privacy, as an
on-path attacker can harvest outer client hellos, and then construct new
hellos using the PSK extension and arbitrary guessed SNI values,
replaying them to the target server. If the server rejects the PSK, the
handshake will continue, but if the PSK is accepted, the binder check
will fail.
Thanks to Coia Prant (github.com/rbqvq) for
reporting this issue.
Fixes CVE-2026-42505
Fixes #79282
Change-Id: Ib3a3c948106a57c1b07b9e61a58cbf757848be18
Files:
- M src/crypto/tls/handshake_messages.go
- M src/crypto/tls/handshake_messages_test.go
- M src/crypto/tls/tls_test.go
Change size: M
Delta: 3 files changed, 99 insertions(+), 5 deletions(-)
Branch: refs/heads/master
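The condition the commit message describes, as an added defender-side check that is not part of the Go change: a small ClientHello extension parser that flags a hello carrying both encrypted_client_hello (codepoint 0xfe0d) and pre_shared_key (41), the pairing the fix stops emitting in the outer hello. The function names and the constructed sample hello are assumptions of this example, not crypto/tls code.

```go
package main

import "encoding/binary"

const extPreSharedKey, extECH uint16 = 41, 0xfe0d // pre_shared_key (RFC 8446), encrypted_client_hello (ECH draft)
// vecLen reads a w-byte big-endian length prefix; ok is false if p cannot hold the vector.
func vecLen(p []byte, w int) (n int, ok bool) {
	for i := 0; i < w && i < len(p); i++ {
		n = n<<8 | int(p[i])
	}
	return n, len(p) >= w+n
}

// extensionTypes parses a ClientHello body (after the 4-byte handshake header) into the set of extension types it carries.
func extensionTypes(body []byte) (types map[uint16]bool, ok bool) {
	if len(body) < 34 { // legacy_version(2) + random(32)
		return nil, false
	}
	p, n := body[34:], 0
	for _, w := range []int{1, 2, 1} { // session_id, cipher_suites, compression_methods
		if n, ok = vecLen(p, w); !ok {
			return nil, false
		}
		p = p[w+n:]
	}
	if n, ok = vecLen(p, 2); !ok || n != len(p)-2 { // extensions must fill the remainder
		return nil, false
	}
	types = map[uint16]bool{}
	for p = p[2:]; len(p) >= 4; p = p[4+n:] {
		if n, ok = vecLen(p[2:], 2); !ok {
			return nil, false
		}
		types[binary.BigEndian.Uint16(p)] = true
	}
	return types, len(p) == 0
}
// outerHelloCarriesPSK flags the combination the fix removes: an ECH outer hello that also sends pre_shared_key.
func outerHelloCarriesPSK(body []byte) bool {
	t, ok := extensionTypes(body)
	return ok && t[extECH] && t[extPreSharedKey]
}
// sampleHello builds a constructed ClientHello body (not a capture): zero random, no session_id, one suite, null compression, empty-bodied extensions of the given types.
func sampleHello(exts ...uint16) []byte {
	b := append(make([]byte, 34), 0, 0, 2, 0x13, 0x01, 1, 0, byte(4*len(exts)>>8), byte(4*len(exts)))
	b[0], b[1] = 3, 3 // legacy_version 0x0303
	for _, t := range exts {
		b = append(b, byte(t>>8), byte(t), 0, 0) // type, zero-length body
	}
	return b
}
```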