checkForResumption reports whether we should perform resumption on this connection.
()
| 440 | |
| 441 | // checkForResumption reports whether we should perform resumption on this connection. |
| 442 | func (hs *serverHandshakeState) checkForResumption() error { |
| 443 | c := hs.c |
| 444 | |
| 445 | if c.config.SessionTicketsDisabled { |
| 446 | return nil |
| 447 | } |
| 448 | |
| 449 | var sessionState *SessionState |
| 450 | if c.config.UnwrapSession != nil { |
| 451 | ss, err := c.config.UnwrapSession(hs.clientHello.sessionTicket, c.connectionStateLocked()) |
| 452 | if err != nil { |
| 453 | return err |
| 454 | } |
| 455 | if ss == nil { |
| 456 | return nil |
| 457 | } |
| 458 | sessionState = ss |
| 459 | } else { |
| 460 | plaintext := c.config.decryptTicket(hs.clientHello.sessionTicket, c.ticketKeys) |
| 461 | if plaintext == nil { |
| 462 | return nil |
| 463 | } |
| 464 | ss, err := ParseSessionState(plaintext) |
| 465 | if err != nil { |
| 466 | return nil |
| 467 | } |
| 468 | sessionState = ss |
| 469 | } |
| 470 | |
| 471 | // TLS 1.2 tickets don't natively have a lifetime, but we want to avoid |
| 472 | // re-wrapping the same master secret in different tickets over and over for |
| 473 | // too long, weakening forward secrecy. |
| 474 | createdAt := time.Unix(int64(sessionState.createdAt), 0) |
| 475 | if c.config.time().Sub(createdAt) > maxSessionTicketLifetime { |
| 476 | return nil |
| 477 | } |
| 478 | |
| 479 | // Never resume a session for a different TLS version. |
| 480 | if c.vers != sessionState.version { |
| 481 | return nil |
| 482 | } |
| 483 | |
| 484 | cipherSuiteOk := false |
| 485 | // Check that the client is still offering the ciphersuite in the session. |
| 486 | for _, id := range hs.clientHello.cipherSuites { |
| 487 | if id == sessionState.cipherSuite { |
| 488 | cipherSuiteOk = true |
| 489 | break |
| 490 | } |
| 491 | } |
| 492 | if !cipherSuiteOk { |
| 493 | return nil |
| 494 | } |
| 495 | |
| 496 | // Check that we also support the ciphersuite from the session. |
| 497 | suite := selectCipherSuite([]uint16{sessionState.cipherSuite}, |
| 498 | c.config.supportedCipherSuites(), hs.cipherSuiteOk) |
| 499 | if suite == nil { |
no test coverage detected