[gnutls-devel] [resent][PATCH] fix SessionTicket when server opted for not renewing ticket
Yuriy M. Kaminskiy
yumkam at gmail.com
Fri Mar 18 14:32:30 CET 2016
On 18.03.2016 15:05, Nikos Mavrogiannopoulos wrote:
> On Wed, Mar 16, 2016 at 9:34 PM, Yuriy M. Kaminskiy <yumkam at gmail.com> wrote:
>> When I played with fixed (wrt ALPN-with-sessions) gnutls library and
>> curl, I noticed in wireshark capture for
>> `curl -v -c jar --location https://www.google.com/ncr
>> that SessionTickets are used only *once*:
>> 1.ClientHello (empty session id, empty SessionTicket)
>> <ServerHello (empty session_id, empty SessionTicket)
>> <NewSessionTicket 
>> 2.ClientHello (new random session id, SessionTicket with data
>> from )
>> <ServerHello (same session id, *no* SessionTicket)
>> (=resumed client/ticket-stored session)
>> 3.ClientHello (same session id, *no* SessionTicket extension)
>> <ServerHello (*new* random session id, *no* SessionTicket extension)
>> (=non-resumed full handshake, establish new server-stored session)
>> 4.ClientHello (same session id, *no* SessionTicket extension)
>> <ServerHello (same session id, *no* SessionTicket extension)
>> (=resumed server-stored session)
>> I've addede debug print of session data in curl, it looks like session
>> data saved after step 2 is 150+ bytes shorter (apparently, it does not
>> contain SessionTicket data).
>> After looking at rfc5077, it looks like server is allowed to resume
>> session this way, and client should just keep old SessionTicket data.
>> However, gnutls forgets it instead.
> I am unable to understand which scenario does not work from the
> description. Could you describe only the non-working scenario and if
> possible provide some reproducer with gnutls-cli or a sample gnutls
You need to resume session 2 or more times, with server that opt for
*not* renewing ticket (e.g. https://www.google.com show this behavior
$ wireshark-gtk -p -f 'tcp && port https' &
Set filter to ssl.handshake, start capture.
$ gnutls-cli --inline-commands www.google.com
Current behavior: SessionTicket is used only once, on 2nd resume
SessionTicket is not sent by client, and 2nd resume fails (fallbacks^1
to full handshake), 3rd and following uses server-side sessions and
don't even try to use SessionTicket (look for presence of "SessionTicket
TLS" extension in ClientHello).
Correct behavior (with my patch): SessionTicket is used all times (empty
on first connect, same data on all following), full handshake is used
only on first connect.
^1 once again, this is *not* a user-visible error, it correctly handled
inside gnutls. Only problem - tiny bit larger resource consumption (and
server-side [non-SessionTicket] sessions are more heavy for server).
More information about the Gnutls-devel