From 6f5cff539367acfb58d6d9edf5dede10b63fa753 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?W=2E=E2=80=89Mark=20Kubacki?= Date: Sat, 23 Apr 2016 17:49:48 +0200 Subject: [PATCH] tls: Prevent Go stdlib from overwriting our very first tls ticket key (#785) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [1] https://github.com/golang/go/blob/57e459e02b4b01567f92542f92cd9afde209e193/src/crypto/tls/common.go#L424 [2] https://github.com/golang/go/blob/57e459e02b4b01567f92542f92cd9afde209e193/src/crypto/tls/common.go#L392-L407 [2] has overwritten the first tls ticket key on round N=0, that has previously been written using [1]. Go's stdlib does not use c.sessionTicketKeys≥1 as indicator if those values had already been set; initializing that lone SessionTicketKey does the job for for now. If c.serverInit() were called in round N+1 all existing tls ticket keys would be overwritten (in round N<4 except the very first one, of course). As member variables of tls.Config are read-only by then, we cannot keep updating SessionTicketKey as well. This has been escalated to Go's authors with golang/go#15421 here: https://github.com/golang/go/issues/15421 Thanks to Matthew Holt for the initial report! --- server/server.go | 1 + 1 file changed, 1 insertion(+) diff --git a/server/server.go b/server/server.go index 684d6151a..ea98f5e5f 100644 --- a/server/server.go +++ b/server/server.go @@ -445,6 +445,7 @@ func standaloneTLSTicketKeyRotation(c *tls.Config, timer *time.Ticker, exitChan c.SessionTicketsDisabled = true // bail if we don't have the entropy for the first one return } + c.SessionTicketKey = keys[0] // SetSessionTicketKeys doesn't set a 'tls.keysAlreadSet' c.SetSessionTicketKeys(setSessionTicketKeysTestHook(keys)) for {