golang / go

The Go programming language
https://go.dev
BSD 3-Clause "New" or "Revised" License
123.79k stars 17.64k forks source link

crypto/tls: server doesn't check for empty legacy_session_id when doing QUIC session resumption #63936

Open marten-seemann opened 12 months ago

marten-seemann commented 12 months ago

What version of Go are you using (go version)?

$ go version
go version go1.21.0 darwin/arm64

Does this issue reproduce with the latest release?

Yes

What did you do?

I sent a ClientHello containing a legacy_session_id when resuming a QUIC session. This is not permitted, see section 8.4 of RFC 9001.

What did you expect to see?

The server should have rejected the handshake. RFC 9001 section 8.4 says that the server SHOULD treat the receipt of a TLS ClientHello with a non-empty legacy_session_id field as a connection error of type PROTOCOL_VIOLATION.

What did you see instead?

The handshake succeeded.

mauri870 commented 11 months ago

/cc @golang/security