proposal: crypto/tls: expose a session identifier #46718

@drakkan

What version of Go are you using (go version)?

$ go version
go version go1.16.5 linux/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/nicola/.cache/go-build"
GOENV="/home/nicola/.config/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/home/nicola/go/pkg/mod"
GONOPROXY="gl.syncplify.me/devteam/*"
GONOSUMDB="gl.syncplify.me/devteam/*"
GOOS="linux"
GOPATH="/home/nicola/go"
GOPRIVATE="gl.syncplify.me/devteam/*"
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/lib/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/lib/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.16.5"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/dev/null"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build2054184453=/tmp/go-build -gno-record-gcc-switches"

crypto/tls has no API to verify which TLS session was resumed. This is an issue for FTPS: to avoid the data connection stealing vulnerability, we need to require TLS session resumption and to enforce that the TLS session on the data connection was resumed from the one on the control connection.

Please take a look here for more details.

I propose to add two new APIs to the ConnectionState struct:

// GetID returns a unique identifier for a TLS connection
GetID() []byte
// ResumedFrom returns the session identifier from which this session was resumed.
// It returns nil if the session was not resumed
ResumedFrom() []byte

This way we can store/get the session ID for the FTP control connection and check that ResumedFrom matches the expected ID.

I'm aware that a unique TLS identifier is not easy to expose and that it is difficult to match TLS sessions (but at least possible) also with OpenSSL.
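An added illustration of the gap described in the issue above (not code from the issue or from the Go project): two clients with separate session caches each open a "control" connection and then a resumed "data" connection, and the server records the only signal crypto/tls gives it, `ConnectionState.DidResume`. The in-memory `net.Pipe` transport, the `ftps.test` name, the throwaway certificate and the TLS 1.2 cap are choices made for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// serverSees runs one in-memory handshake and returns the server-side DidResume.
func serverSees(srv, cli *tls.Config) bool {
	a, b := net.Pipe()
	defer func() { a.Close(); b.Close() }()
	s := tls.Server(a, srv)
	errc := make(chan error, 1)
	go func() { errc <- tls.Client(b, cli).Handshake() }()
	serr := s.Handshake()
	if cerr := <-errc; serr != nil || cerr != nil { // wait: client caches its session last
		panic(fmt.Sprint("handshake failed: ", serr, " / ", cerr))
	}
	return s.ConnectionState().DidResume
}

// Demo returns DidResume for: control A, control B, data from A, data from B.
func Demo() [4]bool {
	// Throwaway certificate; errors ignored for brevity, any failure surfaces as a panic below.
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "ftps.test"},
		DNSNames: []string{"ftps.test"}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	leaf, _ := x509.ParseCertificate(der)
	roots := x509.NewCertPool()
	roots.AddCert(leaf)
	// The TLS 1.2 cap only keeps the handshake lockstep over the unbuffered net.Pipe.
	srv := &tls.Config{MaxVersion: tls.VersionTLS12,
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}
	cfgA := &tls.Config{RootCAs: roots, ServerName: "ftps.test", MaxVersion: tls.VersionTLS12,
		ClientSessionCache: tls.NewLRUClientSessionCache(4)} // client A's own sessions
	cfgB := cfgA.Clone()
	cfgB.ClientSessionCache = tls.NewLRUClientSessionCache(4) // client B's own sessions
	return [4]bool{serverSees(srv, cfgA), serverSees(srv, cfgB), serverSees(srv, cfgA), serverSees(srv, cfgB)}
}

func main() { fmt.Println(Demo()) }
```

The third and fourth results are both `true`: the server learns that each data connection resumed some session, but nothing in `ConnectionState` says which control connection that session belonged to.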
