From 60ae793a0dde26dc7ddd0a789e7b53e263e9ef33 Mon Sep 17 00:00:00 2001
From: Damien Neil
Date: Tue, 1 Aug 2023 16:13:12 -0700
Subject: [PATCH] quic: don't send session tickets
The crypto/tls QUIC session ticket API may change prior to the go1.21 release (see golang/go#60107). Drop session tickets entirely for now. We can revisit this when adding 0-RTT support later, which will also need to interact with session tickets.
For golang/go#58547
Change-Id: Ib24c456508e39ed11fa284ca3832ba61dc5121f3
Reviewed-on: https://go-review.googlesource.com/c/net/+/514999
Run-TryBot: Damien Neil
TryBot-Result: Gopher Robot
Reviewed-by: Roland Shoemaker
---
internal/quic/conn_id_test.go | 4 +---
internal/quic/conn_loss_test.go | 8 --------
internal/quic/tls.go | 5 -----
internal/quic/tls_test.go | 7 ++-----
4 files changed, 3 insertions(+), 21 deletions(-)
diff --git a/internal/quic/conn_id_test.go b/internal/quic/conn_id_test.go
index 74905578dc..04baf0edaf 100644
--- a/internal/quic/conn_id_test.go
+++ b/internal/quic/conn_id_test.go
@@ -229,9 +229,7 @@ func TestConnIDPeerWithZeroLengthConnIDSendsNewConnectionID(t *testing.T) {
 // An endpoint that selects a zero-length connection ID during the handshake
 // cannot issue a new connection ID."
 // https://www.rfc-editor.org/rfc/rfc9000#section-5.1.1-8
- tc := newTestConn(t, clientSide, func(c *tls.Config) {
- c.SessionTicketsDisabled = true
- })
+ tc := newTestConn(t, clientSide)
 tc.peerConnID = []byte{}
 tc.ignoreFrame(frameTypeAck)
 tc.uncheckedHandshake()
diff --git a/internal/quic/conn_loss_test.go b/internal/quic/conn_loss_test.go
index 3c9e6149ab..2e30b5af6c 100644
--- a/internal/quic/conn_loss_test.go
+++ b/internal/quic/conn_loss_test.go
@@ -224,17 +224,9 @@ func TestLostHandshakeDoneFrame(t *testing.T) {
 tc.wantFrame("server sends HANDSHAKE_DONE after handshake completes",
 packetType1RTT, debugFrameHandshakeDone{})
- tc.wantFrame("server sends session ticket in CRYPTO frame",
- packetType1RTT, debugFrameCrypto{
- data: tc.cryptoDataOut[tls.QUICEncryptionLevelApplication],
- })
 tc.triggerLossOrPTO(packetType1RTT, pto)
 tc.wantFrame("server resends HANDSHAKE_DONE",
 packetType1RTT, debugFrameHandshakeDone{})
- tc.wantFrame("server resends session ticket",
- packetType1RTT, debugFrameCrypto{
- data: tc.cryptoDataOut[tls.QUICEncryptionLevelApplication],
- })
 })
 }
diff --git a/internal/quic/tls.go b/internal/quic/tls.go
index ed848c6a13..584316f0e4 100644
--- a/internal/quic/tls.go
+++ b/internal/quic/tls.go
@@ -72,11 +72,6 @@ func (c *Conn) handleTLSEvents(now time.Time) error {
 // at the server when the handshake completes."
 // https://www.rfc-editor.org/rfc/rfc9001#section-4.1.2-1
 c.confirmHandshake(now)
- if !c.config.TLSConfig.SessionTicketsDisabled {
- if err := c.tls.SendSessionTicket(false); err != nil {
- return err
- }
- }
 }
 case tls.QUICTransportParameters:
 params, err := unmarshalTransportParams(e.Data)
diff --git a/internal/quic/tls_test.go b/internal/quic/tls_test.go
index 3768dc0c07..45ed2517e9 100644
--- a/internal/quic/tls_test.go
+++ b/internal/quic/tls_test.go
@@ -172,7 +172,7 @@ func handshakeDatagrams(tc *testConn) (dgrams []*testDatagram) {
 }},
 paddedSize: 1200,
 }, {
- // Server HANDSHAKE_DONE and session ticket
+ // Server HANDSHAKE_DONE
 packets: []*testPacket{{
 ptype: packetType1RTT,
 num: 1,
@@ -182,7 +182,6 @@ func handshakeDatagrams(tc *testConn) (dgrams []*testDatagram) {
 ranges: []i64range[packetNumber]{{0, 1}},
 },
 debugFrameHandshakeDone{},
- debugFrameCrypto{},
 },
 }},
 }, {
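Review bot: In the internal/quic/tls.go hunk, nothing left in handleTLSEvents records that the server deliberately issues no session tickets, so a later reader could take the gap for an oversight or restore the call without the 0-RTT review the description asks for. A comment directly after `c.confirmHandshake(now)` would keep the decision next to the code: `// Session tickets are intentionally not sent for now; see golang/go#60107.` The new code on this path also no longer reads `TLSConfig.SessionTicketsDisabled`, so leaving that field false does not make the server issue tickets here; whether that is stated anywhere for callers cannot be seen from the hunk. The body of handleTLSEvents starts and ends outside the hunk.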
@@ -351,9 +350,7 @@ func TestConnKeysDiscardedClient(t *testing.T) {
 }
 func TestConnKeysDiscardedServer(t *testing.T) {
- tc := newTestConn(t, serverSide, func(c *tls.Config) {
- c.SessionTicketsDisabled = true
- })
+ tc := newTestConn(t, serverSide)
 tc.ignoreFrame(frameTypeAck)
 tc.writeFrames(packetTypeInitial,