
Session resumption seems to be broken in ATS for TLSv1.3
Closed, Declined · Public

Description

From my initial tests on our labs instances:

vgutierrez@traffic-cache-atstext-buster:~$ openssl s_client -connect 127.0.0.1:443 -reconnect < /dev/null 2>1 |egrep -i "reconnect|reused|cipher"
New, TLSv1.3, Cipher is TLS_CHACHA20_POLY1305_SHA256
drop connection and then reconnect
New, TLSv1.3, Cipher is TLS_CHACHA20_POLY1305_SHA256
drop connection and then reconnect
New, TLSv1.3, Cipher is TLS_CHACHA20_POLY1305_SHA256
drop connection and then reconnect
New, TLSv1.3, Cipher is TLS_CHACHA20_POLY1305_SHA256
drop connection and then reconnect
New, TLSv1.3, Cipher is TLS_CHACHA20_POLY1305_SHA256
drop connection and then reconnect
New, TLSv1.3, Cipher is TLS_CHACHA20_POLY1305_SHA256
    Cipher    : TLS_CHACHA20_POLY1305_SHA256
    Cipher    : TLS_CHACHA20_POLY1305_SHA256

This happens with stateless and with stateful tickets.

Event Timeline

Restricted Application added a subscriber: Aklapper. · Feb 17 2020, 11:28 AM
Vgutierrez triaged this task as High priority. · Feb 17 2020, 11:30 AM
Vgutierrez moved this task from Triage to TLS on the Traffic board.
Vgutierrez updated the task description.

This time it looks like openssl s_client -reconnect is at fault here. It doesn't seem to be working as expected with TLSv1.3:

vgutierrez@traffic-cache-atstext-buster:~$ openssl s_client -tls1_3 -connect facebook.com:443 -sess_out /tmp/sess -no_ticket 2>&1 |egrep -i "(new|reused)"
New, TLSv1.3, Cipher is TLS_CHACHA20_POLY1305_SHA256
vgutierrez@traffic-cache-atstext-buster:~$ openssl s_client -tls1_3 -connect facebook.com:443 -sess_in /tmp/sess -no_ticket 2>&1 |egrep -i "(new|reused)"
Reused, TLSv1.3, Cipher is TLS_CHACHA20_POLY1305_SHA256
vgutierrez@traffic-cache-atstext-buster:~$ openssl s_client -tls1_3 -connect facebook.com:443 -reconnect 2>&1 |egrep -i "(new|reused)"
New, TLSv1.3, Cipher is TLS_CHACHA20_POLY1305_SHA256
New, TLSv1.3, Cipher is TLS_CHACHA20_POLY1305_SHA256
New, TLSv1.3, Cipher is TLS_CHACHA20_POLY1305_SHA256
New, TLSv1.3, Cipher is TLS_CHACHA20_POLY1305_SHA256
New, TLSv1.3, Cipher is TLS_CHACHA20_POLY1305_SHA256
New, TLSv1.3, Cipher is TLS_CHACHA20_POLY1305_SHA256
vgutierrez@traffic-cache-atstext-buster:~$ openssl s_client -tls1_2 -connect facebook.com:443 -reconnect 2>&1 |egrep -i "(new|reused)"
New, TLSv1.2, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256
Reused, TLSv1.2, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256
Reused, TLSv1.2, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256
Reused, TLSv1.2, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256
Reused, TLSv1.2, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256
Reused, TLSv1.2, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256

The same happens with ATS: session resumption works as expected with -sess_in and -sess_out:

vgutierrez@traffic-cache-atstext-buster:~$ openssl s_client -tls1_3 -connect 127.0.0.1:443 -sess_out /tmp/sess 2>&1  < /dev/null |egrep -i "(new|reused)"
New, TLSv1.3, Cipher is TLS_CHACHA20_POLY1305_SHA256
Post-Handshake New Session Ticket arrived:
Post-Handshake New Session Ticket arrived:
vgutierrez@traffic-cache-atstext-buster:~$ openssl s_client -tls1_3 -connect 127.0.0.1:443 -sess_in /tmp/sess 2>&1  < /dev/null |egrep -i "(new|reused)"
Reused, TLSv1.3, Cipher is TLS_CHACHA20_POLY1305_SHA256
Post-Handshake New Session Ticket arrived:
vgutierrez@traffic-cache-atstext-buster:~$ openssl s_client -tls1_3 -connect 127.0.0.1:443 -sess_in /tmp/sess 2>&1  < /dev/null |egrep -i "(new|reused)"
Reused, TLSv1.3, Cipher is TLS_CHACHA20_POLY1305_SHA256
Post-Handshake New Session Ticket arrived:
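The transcript above shows why -reconnect misleads here: in TLSv1.3 the session ticket is a post-handshake NewSessionTicket message (the "Post-Handshake New Session Ticket arrived" lines), so a client that drops the connection the moment the handshake completes never processes a ticket and has nothing to resume with, while -sess_out/-sess_in captures the ticket after it arrives. The following Go program is an added example, not ATS or Wikimedia code: it starts a TLS 1.3-only server on 127.0.0.1 with a constructed self-signed certificate, then connects twice with a shared client session cache, once closing right after the handshake and once reading application data first, and reports whether the second connection resumed. It assumes Go's crypto/tls behaviour of processing post-handshake messages during Read; the helper names (selfSignedCert, startServer, connectTwice, runDemo) are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// selfSignedCert builds a throwaway localhost certificate in memory.
// Constructed for this example only; it is not a production certificate.
func selfSignedCert() (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "localhost"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames:     []string{"localhost"},
		IPAddresses:  []net.IP{net.ParseIP("127.0.0.1")},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool, nil
}

// startServer listens on an ephemeral port, TLS 1.3 only, and answers each
// connection with one short line. Go's server sends NewSessionTicket right
// after the handshake, so the ticket is on the wire before the client reads.
func startServer(cert tls.Certificate) (net.Listener, error) {
	cfg := &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS13}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", cfg)
	if err != nil {
		return nil, err
	}
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return
			}
			go func(c net.Conn) {
				defer c.Close()
				_, _ = c.Write([]byte("hi\n"))
			}(c)
		}
	}()
	return ln, nil
}

// connectTwice makes two connections sharing one session cache and returns
// whether the second one resumed. With readAfterHandshake=false the client
// closes as soon as the handshake finishes (what s_client -reconnect does),
// so the post-handshake ticket is never processed and nothing is cached.
func connectTwice(addr string, pool *x509.CertPool, readAfterHandshake bool) (bool, error) {
	cfg := &tls.Config{
		RootCAs:            pool,
		ServerName:         "localhost",
		MinVersion:         tls.VersionTLS13,
		ClientSessionCache: tls.NewLRUClientSessionCache(8),
	}
	resumed := false
	for i := 0; i < 2; i++ {
		c, err := tls.Dial("tcp", addr, cfg)
		if err != nil {
			return false, err
		}
		if readAfterHandshake {
			// Reading drains the NewSessionTicket and fills the session cache.
			_, _ = io.ReadAll(c)
		}
		resumed = c.ConnectionState().DidResume
		c.Close()
	}
	return resumed, nil
}

// runDemo runs both client variants against one server instance.
func runDemo() (withoutRead, withRead bool, err error) {
	cert, pool, err := selfSignedCert()
	if err != nil {
		return
	}
	ln, err := startServer(cert)
	if err != nil {
		return
	}
	defer ln.Close()
	if withoutRead, err = connectTwice(ln.Addr().String(), pool, false); err != nil {
		return
	}
	withRead, err = connectTwice(ln.Addr().String(), pool, true)
	return
}

func main() {
	withoutRead, withRead, err := runDemo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("resumed without reading first: %v\n", withoutRead)
	fmt.Printf("resumed after reading first:  %v\n", withRead)
}
```

The same rule applies to any resumption check against a TLSv1.3 endpoint such as ATS: the probe must stay connected long enough to receive and store the post-handshake ticket, which is exactly what the -sess_out/-sess_in pair does and -reconnect does not.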
Vgutierrez closed this task as Declined. · Feb 18 2020, 6:49 AM