Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RFC non-compliant behaviour with session tickets #524

Closed
tomato42 opened this issue Jul 30, 2024 · 0 comments · Fixed by #525
Closed

RFC non-compliant behaviour with session tickets #524

tomato42 opened this issue Jul 30, 2024 · 0 comments · Fixed by #525
Labels
bug unintented behaviour in tlslite-ng code help wanted
Milestone
v0.8.0

Comments

@tomato42
Copy link
Member

When the HandshakeSettings don't include ticketKeys, the server will behave in an non-compliant way: if the client sends the session_ticket extension, the server will respond with on in the ServerHello, but then will not send a NewSessionTicket. That's a RFC violation.

setting ticket_count to 0 or setting ticketKeys to an empty array should be sufficient to disable support for session tickets on server side and thus stop the server from echoing the extension.
@tomato42 tomato42 added bug unintented behaviour in tlslite-ng code help wanted labels Jul 30, 2024
@tomato42 tomato42 added this to the v0.8.0 milestone Jul 30, 2024
GeorgePantelakis added a commit to GeorgePantelakis/tlslite-ng that referenced this issue Aug 12, 2024
@GeorgePantelakis
Make RFC compatible behaviour with session ticket
5dae8eb 
Prevent the server from echoing the session_ticket extension when either
ticket_count or ticketKeys are not set in settings.
tlsfuzzer#524
GeorgePantelakis added a commit to GeorgePantelakis/tlslite-ng that referenced this issue Aug 12, 2024
@GeorgePantelakis
Make RFC compatible behaviour with session ticket
e33633c 
Prevent the server from echoing the session_ticket extension when either
ticket_count or ticketKeys are not set in settings.
tlsfuzzer#524
GeorgePantelakis added a commit to GeorgePantelakis/tlslite-ng that referenced this issue Aug 12, 2024
@GeorgePantelakis
Make RFC compatible behaviour with session ticket
f2be77a 
Prevent the server from echoing the session_ticket extension when either
ticket_count or ticketKeys are not set in settings.
tlsfuzzer#524
@GeorgePantelakis GeorgePantelakis mentioned this issue Aug 12, 2024
Merged
GeorgePantelakis added a commit to GeorgePantelakis/tlslite-ng that referenced this issue Aug 12, 2024
@GeorgePantelakis
Make RFC compatible behaviour with session ticket
667da27 
Prevent the server from echoing the session_ticket extension when either
ticket_count or ticketKeys are not set in settings.
tlsfuzzer#524
GeorgePantelakis added a commit to GeorgePantelakis/tlslite-ng that referenced this issue Aug 12, 2024
@GeorgePantelakis
Make RFC compatible behaviour with session ticket
7ffec11 
Prevent the server from echoing the session_ticket extension when either
ticket_count or ticketKeys are not set in settings.
tlsfuzzer#524
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug unintented behaviour in tlslite-ng code help wanted
Projects
None yet
Milestone
v0.8.0
Development

Successfully merging a pull request may close this issue.

Make RFC compatible behaviour with session ticket GeorgePantelakis/tlslite-ng
1 participant
@tomato42