commit 6ea19bb668ee603d1a41d3fd5ab77e130118fd8b
author Katie Hockman <katie@golang.org> Thu Apr 30 20:11:55 2020 -0400
committer Katie Hockman <katie@golang.org> Thu May 07 18:33:39 2020 +0000
tree 89fe5c5fe70ef0d6672121008bde0167df0c02d2
parent b1760f3a27ed9a0e99599bf028b2b48403f8c3fc

crypto/tls: rotate session keys in older TLS versions

Also encode the certificates in a way that's more
consistent with TLS 1.3 (with a 24 byte length prefix).

Note that this will have an additional performance cost
requiring clients to do a full handshake every 7 days
where previously they were able to use the same ticket
indefinitely.

Updates #25256

Change-Id: Ic4d1ba0d92773c490b33b5f6c1320d557cc7347d
Reviewed-on: https://go-review.googlesource.com/c/go/+/231317
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>

src/crypto/tls/handshake_server.go

diff --git a/src/crypto/tls/handshake_server.go b/src/crypto/tls/handshake_server.go
index 35ac7b8..d227c04 100644
--- a/src/crypto/tls/handshake_server.go
+++ b/src/crypto/tls/handshake_server.go
@@ -15,6 +15,7 @@
 	"fmt"
 	"io"
 	"sync/atomic"
+	"time"
 )
 
 // serverHandshakeState contains details of a server handshake in progress.
@@ -368,6 +369,11 @@
 		return false
 	}
 
+	createdAt := time.Unix(int64(hs.sessionState.createdAt), 0)
+	if c.config.time().Sub(createdAt) > maxSessionTicketLifetime {
+		return false
+	}
+
 	// Never resume a session for a different TLS version.
 	if c.vers != hs.sessionState.vers {
 		return false
@@ -689,6 +695,7 @@
 	state := sessionState{
 		vers:         c.vers,
 		cipherSuite:  hs.suite.id,
+		createdAt:    uint64(c.config.time().Unix()),
 		masterSecret: hs.masterSecret,
 		certificates: certsFromClient,
 	}