W. Mark Kubacki 6f5cff5393 tls: Prevent Go stdlib from overwriting our very first tls ticket key (#785) ... [1] 57e459e02b/src/crypto/tls/common.go (L424) [2] 57e459e02b/src/crypto/tls/common.go (L392-L407) [2] has overwritten the first tls ticket key on round N=0, that has previously been written using [1]. Go's stdlib does not use c.sessionTicketKeys≥1 as indicator if those values had already been set; initializing that lone SessionTicketKey does the job for for now. If c.serverInit() were called in round N+1 all existing tls ticket keys would be overwritten (in round N<4 except the very first one, of course). As member variables of tls.Config are read-only by then, we cannot keep updating SessionTicketKey as well. This has been escalated to Go's authors with golang/go#15421 here: https://github.com/golang/go/issues/15421 Thanks to Matthew Holt for the initial report!		2016-04-23 17:49:48 +02:00
..
config_test.go	Parser separate scheme/port, refactor config loading	2016-01-03 16:41:29 -07:00
config.go	Support configuring less restrictive TLS client auth requirements	2016-04-15 22:21:55 +02:00
graceful.go	Several improvements and bug fixes related to graceful reloads	2015-11-14 18:00:25 -07:00
server_test.go	server: Rotate TLS ticket "keys" (#742)	2016-04-12 10:09:45 -06:00
server.go	tls: Prevent Go stdlib from overwriting our very first tls ticket key (#785)	2016-04-23 17:49:48 +02:00
virtualhost.go	Remove path scoping for middleware slice	2016-02-17 18:11:03 -07:00