go-libp2p
tls: implement TLS session resumption
It won't save any roundtrips, but a few bytes during the first flight, and we don't need to verify the certificate chain again.
The Go standard library implementation doesn't allow us to modify the information that gets stored in the session ticket (there is a proposal to change that, but it seems to be inactive: https://github.com/golang/go/issues/19199).
Furthermore, for every resumed connection, the server verifies the certificate chain again (and calls the VerifyPeerCertificate callback). I'm not sure what the reasoning behind this is, since tickets are encrypted and authenticated, so successful encryption of the ticket should prove that the certificate chain was already verified successfully in the previous handshake.
Since our motivation to do TLS session resumption is to save the computational cost of verifying the certificate chain in the first place, we wouldn't gain anything from implementing it, apart from (maybe) saving a few bytes during a resumed handshake. Considering that with non-RSA keys the TLS messages already fit into a single MTU, the benefit of that is minuscule.
See https://github.com/golang/go/issues/31641.