elazarl / goproxy

An HTTP proxy library for Go
BSD 3-Clause "New" or "Revised" License

Session Ticket support? #247

Open SmashGuy2 opened 6 years ago

SmashGuy2 commented 6 years ago

I was wondering if Goproxy supports session tickets (I don't think it does). If not, how might one go about adding this to improve performance?

elazarl commented 6 years ago

I assume you mean session tickets in TLS connecting. Goproxy is just a handler, it would support whatever the server supports.


SmashGuy2 commented 6 years ago

Hm, maybe I just don't understand enough about it. When I navigate to this page, it tells me that session ticket support is "improvable".

https://www.howsmyssl.com/


elazarl commented 6 years ago

Check out plain http.Transport https score. Then ask in go-nuts about it.

Do they support session tickets?


pschultz commented 6 years ago

Session tickets are enabled by default in Go https servers (and TLS clients); see tls.Config

WinstonPrivacy commented 6 years ago

The TLS server implementation here does serve session tickets back to clients. However, the downstream client which performs the MITM does not appear to cache them.

WinstonPrivacy commented 6 years ago

I confirmed that this is the case. Proxy.go does not initialize the ClientSessionCache, so session tickets are not supported. If you initialize at the end of NewProxyHttpServer(), session tickets again work and performance is dramatically improved on sites which make many small HTTPS requests.

elazarl commented 6 years ago

Hi, Can you please send a PR initialising it?

Unfortunately I don't have enough time lately


WinstonPrivacy commented 6 years ago

I'm forked from abourget's fork so can't submit a PR. But here is the code, just two lines:

proxy.go:

```go
import (
	// ...
	"crypto/tls"
)

func NewProxyHttpServer() *ProxyHttpServer {
	// ...

	// Set param to larger values to cache more session tickets.
	proxy.Transport.TLSClientConfig.ClientSessionCache = tls.NewLRUClientSessionCache(25)

	// ...
	return &proxy
}
```
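The effect discussed in this thread can be checked locally with `ConnectionState.DidResume`. The following is an added example, not code from goproxy or from any commenter: it runs a Go `httptest` TLS server and makes two requests on separate connections, with and without a `ClientSessionCache`. The helper name `resumed` is hypothetical; the cache size 25 is the value from the comment above.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// resumed (hypothetical helper) makes two HTTPS requests over separate
// connections to a local test server and reports, for each request, whether
// the TLS handshake was a session resumption.
func resumed(useCache bool) (bool, bool, error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(
		func(w http.ResponseWriter, r *http.Request) { io.WriteString(w, "ok") }))
	defer srv.Close()

	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate()) // trust only the test server's certificate
	cfg := &tls.Config{RootCAs: pool}
	if useCache {
		// Same call as in the thread; without it the client keeps no tickets.
		cfg.ClientSessionCache = tls.NewLRUClientSessionCache(25)
	}
	// DisableKeepAlives forces a fresh TLS handshake for every request.
	client := &http.Client{Transport: &http.Transport{
		TLSClientConfig: cfg, DisableKeepAlives: true}}

	var got [2]bool
	for i := range got {
		resp, err := client.Get(srv.URL)
		if err != nil {
			return false, false, err
		}
		io.Copy(io.Discard, resp.Body) // reading lets TLS 1.3 tickets be processed
		resp.Body.Close()
		got[i] = resp.TLS.DidResume
	}
	return got[0], got[1], nil
}

func main() {
	for _, useCache := range []bool{false, true} {
		first, second, err := resumed(useCache)
		fmt.Println("cache:", useCache, "resumed:", first, second, "err:", err)
	}
}
```

The same `DidResume` check on the proxy's upstream connections shows whether a given goproxy build is reusing tickets.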