tls: Prevent Go stdlib from overwriting our very first tls ticket key
[1] https://github.com/golang/go/blob/57e459e02b4b01567f92542f92cd9afde209e193/src/crypto/tls/common.go#L424
[2] https://github.com/golang/go/blob/57e459e02b4b01567f92542f92cd9afde209e193/src/crypto/tls/common.go#L392-L407

[2] has overwritten the first tls ticket key on round N=0, which had previously
been written using [1].

Go's stdlib does not use c.sessionTicketKeys≥1 as an indicator of whether those
values had already been set; initializing that lone SessionTicketKey does the
job for now.

If c.serverInit() were called in round N+1, all existing tls ticket keys would
be overwritten (in round N<4 except the very first one, of course). Member
variables for tls.Config are read-only by then, so we cannot just keep updating
SessionTicketKey as well.

This has been escalated to upstream with golang/go#15421 here:
golang/go#15421

Thanks to Matthew Holt for the initial report!
mark-kubacki committed Apr 23, 2016
1 parent 5c96ee1 commit 25fc0c6
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions server/server.go
Expand Up @@ -445,6 +445,7 @@ func standaloneTLSTicketKeyRotation(c *tls.Config, timer *time.Ticker, exitChan
c.SessionTicketsDisabled = true // bail if we don't have the entropy for the first one
return
}
c.SessionTicketKey = keys[0] // SetSessionTicketKeys doesn't set a 'tls.keysAlreadSet'
c.SetSessionTicketKeys(setSessionTicketKeysTestHook(keys))

for {
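Review bot: the added assignment at +445 only keeps round 0 consistent, because it works by letting c.serverInit() rebuild the stdlib's internal key list from the exported SessionTicketKey; the comment should say that and point at the upstream issue so the next reader does not take it for a complete fix, e.g. `c.SessionTicketKey = keys[0] // serverInit rebuilds the key list from this field; see golang/go#15421`. The comment's 'tls.keysAlreadSet' also reads like a real field of tls.Config when, per the commit message, the stdlib has no such indicator; describe it as the missing flag rather than naming it, and fix the 'Alread' typo.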
