[gnutls-devel] [resent][PATCH] fix SessionTicket when server opted for not renewing ticket

Yuriy M. Kaminskiy yumkam at gmail.com
Wed Mar 16 21:34:38 CET 2016


When I played with fixed (wrt ALPN-with-sessions) gnutls library and
curl, I noticed in wireshark capture for

   `curl -v -c jar --location https://www.google.com/ncr https://www.google.com/ncr`,

that SessionTickets are used only *once*:

1.ClientHello (empty session id, empty SessionTicket)
   <ServerHello (empty session_id, empty SessionTicket)
   <Certificate
   ClientKeyExchange
   ...
   <NewSessionTicket [1]
   <ChangeCipherSpec
   ChangeCipherSpec
   ...
2.ClientHello (new random session id[2], SessionTicket with data
   from [1])
   <ServerHello (same session id[2], *no* SessionTicket)
   <ChangeCipherSpec
   ...
   (=resumed client/ticket-stored session)
3.ClientHello (same session id[2], *no* SessionTicket extension)
   <ServerHello (*new* random session id[3], *no* SessionTicket extension)
   <Certificate
   ClientKeyExchange
   ...
   <ChangeCipherSpec
   ...
   (=non-resumed full handshake, establish new server-stored session)
4.ClientHello (same session id[3], *no* SessionTicket extension)
   <ServerHello (same session id[3], *no* SessionTicket extension)
   <ChangeCipherSpec
   (=resumed server-stored session)

I've added a debug print of session data in curl; it looks like the session
data saved after step 2 is 150+ bytes shorter (apparently, it does not
contain SessionTicket data).

After looking at RFC 5077, it looks like the server is allowed to resume
the session this way, and the client should just keep the old SessionTicket data.
However, gnutls forgets it instead.

Attached patch (against 3.3.* branch) fixes this issue. With patch applied:

3.ClientHello (same session id[2], SessionTicket from [1])
   <ServerHello (same session id[2], *no* SessionTicket extension)
   <ChangeCipherSpec
   ...
   (=resumed client/ticket-stored session, no NewTicket)
4.ClientHello (same session id[2], SessionTicket from [1])
   <ServerHello (same session id[2], *no* SessionTicket extension)
   <ChangeCipherSpec
   (=resumed client/ticket-stored session)

Passes `make check`.

(I also attached *completely untested* patch rebased against git master).

Disclaimer: my knowledge of TLS protocol and gnutls implementation in
particular is rather limited, please review carefully.

(And note that this issue does not really "break things").
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-SessionTicket-keep-old-ticket-when-server-have-not-o.patch
Type: text/x-diff
Size: 2969 bytes
Desc: not available
URL: </pipermail/attachments/20160316/14edec17/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: master-0001-SessionTicket-keep-old-ticket-when-server-have-not-o.patch
Type: text/x-diff
Size: 2939 bytes
Desc: not available
URL: </pipermail/attachments/20160316/14edec17/attachment-0001.patch>
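
An added example, not part of the original post and not GnuTLS code: a small C model that replays the four connections from the message under both client behaviours (dropping the saved ticket versus keeping it when the server resumes without sending NewSessionTicket). All struct and function names are hypothetical, and the server model is an assumption that only mirrors the capture described in the post.

```c
#include <stdio.h>
#include <string.h>

enum policy { FORGET_TICKET, KEEP_TICKET };

/* Client's saved session data (constructed model, not GnuTLS structures). */
struct saved { int valid; int sid; int has_ticket; };
/* Server side: the one session id held in its own cache, and an id counter. */
struct server { int cached_sid; int next_sid; };

/* One connection; returns 'F' full handshake, 'T' resumed from the ticket,
 * 'I' resumed from the server-side session-id cache. */
static char connect_once(struct saved *c, struct server *s, enum policy p)
{
    if (c->valid && c->has_ticket) {
        /* Client presents the ticket with a session id; the server echoes
         * the id and sends no NewSessionTicket (it opted not to renew). */
        if (c->sid == 0)
            c->sid = s->next_sid++;
        if (p == FORGET_TICKET)
            c->has_ticket = 0;      /* behaviour the post reports */
        return 'T';                 /* KEEP_TICKET: old ticket stays saved */
    }
    if (c->valid && c->sid != 0 && c->sid == s->cached_sid)
        return 'I';
    /* Full handshake. As in the capture, the ticket extension is offered
     * (empty) only when the client has no saved session at all. */
    int offered = !c->valid;
    c->valid = 1;
    c->has_ticket = offered;        /* server answers with NewSessionTicket */
    c->sid = offered ? 0 : s->next_sid++;
    s->cached_sid = c->sid;         /* 0 means nothing cached server-side */
    return 'F';
}

/* Replays four connections and writes one letter per connection into out. */
static const char *replay(enum policy p, char out[5])
{
    struct saved c = {0, 0, 0};
    struct server s = {0, 2};       /* ids start at 2 to match [2], [3] above */
    for (int i = 0; i < 4; i++)
        out[i] = connect_once(&c, &s, p);
    out[4] = '\0';
    return out;
}

int main(void)
{
    char a[5], b[5];
    printf("forget: %s\nkeep:   %s\n", replay(FORGET_TICKET, a), replay(KEEP_TICKET, b));
    return 0;
}
```

Each letter corresponds to one numbered connection in the traces above: the forgetting client falls back to a full handshake on the third connection, while the keeping client resumes from the ticket every time after the first.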

