hub / github.com/XTLS/REALITY / loadSession

Method loadSession

handshake_client.go:388–529  ·  view source on GitHub ↗
(hello *clientHelloMsg)

Source from the content-addressed store, hash-verified

386}
387
388func (c *Conn) loadSession(hello *clientHelloMsg) (
389 session *SessionState, earlySecret *tls13.EarlySecret, binderKey []byte, err error) {
390 if c.config.SessionTicketsDisabled || c.config.ClientSessionCache == nil {
391 return nil, nil, nil, nil
392 }
393
394 echInner := bytes.Equal(hello.encryptedClientHello, []byte{1})
395
396 // ticketSupported is a TLS 1.2 extension (as TLS 1.3 replaced tickets with PSK
397 // identities) and ECH requires and forces TLS 1.3.
398 hello.ticketSupported = true && !echInner
399
400 if hello.supportedVersions[0] == VersionTLS13 {
401 // Require DHE on resumption as it guarantees forward secrecy against
402 // compromise of the session ticket key. See RFC 8446, Section 4.2.9.
403 hello.pskModes = []uint8{pskModeDHE}
404 }
405
406 // Session resumption is not allowed if renegotiating because
407 // renegotiation is primarily used to allow a client to send a client
408 // certificate, which would be skipped if session resumption occurred.
409 if c.handshakes != 0 {
410 return nil, nil, nil, nil
411 }
412
413 // Try to resume a previously negotiated TLS session, if available.
414 cacheKey := c.clientSessionCacheKey()
415 if cacheKey == "" {
416 return nil, nil, nil, nil
417 }
418 cs, ok := c.config.ClientSessionCache.Get(cacheKey)
419 if !ok || cs == nil {
420 return nil, nil, nil, nil
421 }
422 session = cs.session
423
424 // Check that version used for the previous session is still valid.
425 versOk := false
426 for _, v := range hello.supportedVersions {
427 if v == session.version {
428 versOk = true
429 break
430 }
431 }
432 if !versOk {
433 return nil, nil, nil, nil
434 }
435
436 // Check that the cached server certificate is not expired, and that it's
437 // valid for the ServerName. This should be ensured by the cache key, but
438 // protect the application from a faulty ClientSessionCache implementation.
439 if c.config.time().After(session.peerCertificates[0].NotAfter) {
440 // Expired certificate, delete the entry.
441 c.config.ClientSessionCache.Put(cacheKey, nil)
442 return nil, nil, nil, nil
443 }
444 if !c.config.InsecureSkipVerify {
445 if len(session.verifiedChains) == 0 {

Callers 1

clientHandshakeMethod · 0.95

Calls 14

clientSessionCacheKeyMethod · 0.95
quicResumeSessionMethod · 0.95
RequiredFunction · 0.92
NewEarlySecretFunction · 0.92
mutualCipherSuiteFunction · 0.85
cipherSuiteTLS13ByIDFunction · 0.85
mutualCipherSuiteTLS13Function · 0.85
computeAndUpdatePSKFunction · 0.85
timeMethod · 0.80
VerifyHostnameMethod · 0.80
SizeMethod · 0.80
ResumptionBinderKeyMethod · 0.80

Tested by

no test coverage detected