Server based TLS-Session-Resumption#141
Open
marvin-enthus wants to merge 3 commits into
Open
Conversation
Contributor
Author
|
I just updated this pull request. We discovered that some RFC 3546 statements about TLS hello extensions handling during resumption have been misleading. Some other RFC's define explicit handling for some extensions during resumption, so we adopted it. It was discovered by problems with the latest version of Apple's coreTLS. It seems neither OpenSSL nor Microsoft's implementations take care of it... @peterdettman you self-assigned this to you. Any thoughts on this PR? |
…early breaks TLS communication when handshake messages exceeds ~ 1500 bytes.
… server extensions are irrelevant during resumption, but RFC 7627 and RFC 5746 define special handlings for some extensions during session resumption
marvin-enthus
force-pushed
the
server-session-resumption
branch
from
004dd67 to
09d79f1
Compare
Contributor
Author
|
Hi. I've just rebased this PR to the master to resolve the conflicts. |
sn-pos
added a commit
to eID-Testbeds/bc-tls-patched
that referenced
this pull request
Apr 5, 2018
- Added support for session resumption via Session Ticket
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Hi,
with this pull request we would provide server-based TLS session caching and resumption. The code for handling the session resumption is within TlsServerProtocol.java, but there is no default session management. This has to be provided by an extra TlsServer implementation that handles the getResumableSession(byte[] sessionID) and getNewResumableSession(byte[] requestedClientSessionID) accordingly.
For the implementation following changes have been done:
TlsServer.java / AbstractTlsServer.java:
Introduced two new methods for session resumption and session creation. TlsServer.java defines the methods, AbstractTlsServer.java implements two placeholders that just fulfil the interface requirements but don't do anything...
The methods are:
public TlsSession getResumableSession(byte[] sessionID) throws IOExceptionpublic TlsSession getNewResumableSession(byte[] requestedClientSessionID)TlsServerProtocol.java:
Here is most of the work done:
class level:
handleHandshakeMessage():receiveClientHelloMessage():sendServerHelloMessage()SessionParameters.java (with related changes in TlsClientProtocol.java and DTLSClientProtocol.java):
Refactored encodedServerExtension to encodedPeerExtensions because in this case it holds the client extensions...
TlsProtocol.java:
Fill SessionParameters.java accordingly depending if server or client...
We tested session resumption against Linux (OpenSSL), Mac OSX and Microsoft clients and it works in our scenarios. We hope this pull request will be included in the main stream.
If there are questions or comments just ask ;)
bye,
Chris