Does this issue reproduce with the latest release?
Yes
What did you do?
I sent a ClientHello containing a legacy_session_id when resuming a QUIC session. This is not permitted, see section 8.4 of RFC 9001.
What did you expect to see?
The server should have rejected the handshake. RFC 9001 section 8.4 says that the server SHOULD treat the receipt of a TLS ClientHello with a non-empty legacy_session_id field as a connection error of type PROTOCOL_VIOLATION.
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
Yes
What did you do?
I sent a ClientHello containing a legacy_session_id when resuming a QUIC session. This is not permitted, see section 8.4 of RFC 9001.
What did you expect to see?
The server should have rejected the handshake. RFC 9001 section 8.4 says that the server SHOULD treat the receipt of a TLS ClientHello with a non-empty legacy_session_id field as a connection error of type PROTOCOL_VIOLATION.
What did you see instead?
The handshake succeeded.