Bot releases are visible (Hide)
Published by gaukas 4 months ago
Full Changelog: https://github.com/refraction-networking/utls/compare/v1.6.6...v1.6.7
Published by gaukas 6 months ago
Full Changelog: https://github.com/refraction-networking/utls/compare/v1.6.5...v1.6.6
Published by gaukas 6 months ago
Full Changelog: https://github.com/refraction-networking/utls/compare/v1.6.4...v1.6.5
Published by gaukas 6 months ago
(*UConn).Read()
and Secure Renegotiation by @gaukas in https://github.com/refraction-networking/utls/pull/292
Full Changelog: https://github.com/refraction-networking/utls/compare/v1.6.3...v1.6.4
Published by gaukas 8 months ago
Don't panic! This does not cause any significant security concern, since modern platforms are doing fine with limited randomness from math/rand
. This patch is for some much restrictive platforms such as WebAssembly.
Full Changelog: https://github.com/refraction-networking/utls/compare/v1.6.2...v1.6.3
Published by gaukas 9 months ago
Full Changelog: https://github.com/refraction-networking/utls/compare/v1.6.1...v1.6.2
Published by gaukas 10 months ago
This is a security update fixing kyberslash2, a timing side-channel attack against CIRCL library used by uTLS.
Full Changelog: https://github.com/refraction-networking/utls/compare/v1.6.0...v1.6.1
Published by gaukas 10 months ago
OmitEmptyPsk
field in PreSharedKeyExtension
(closes #255) by @sleeyax in https://github.com/refraction-networking/utls/pull/256
Full Changelog: https://github.com/refraction-networking/utls/compare/v1.5.4...v1.6.0
Published by gaukas about 1 year ago
Full Changelog: https://github.com/refraction-networking/utls/compare/v1.5.3...v1.5.4
Published by gaukas about 1 year ago
keySharesParams
by @gaukas in https://github.com/refraction-networking/utls/pull/238
Full Changelog: https://github.com/refraction-networking/utls/compare/v1.5.2...v1.5.3
Published by gaukas about 1 year ago
Full Changelog: https://github.com/refraction-networking/utls/compare/v1.5.0...v1.5.2
Published by gaukas about 1 year ago
A big shout out to @3andne for spending time on major refactoring/revision in the Session Resumption for both TLS 1.2 (SessionTicket-based) and TLS 1.3 (PreSharedKey-based)!
type ISessionTicketExtension interface {
TLSExtension
// If false is returned, utls will invoke `InitializeByUtls()` for the necessary initialization.
Initializable
// InitializeByUtls is invoked when IsInitialized() returns false.
// It initializes the extension using a real and valid TLS 1.2 session.
InitializeByUtls(session *SessionState, ticket []byte)
GetSession() *SessionState
GetTicket() []byte
}
// SetSessionTicket sets the session ticket extension.
// If extension is nil, this will be a no-op.
func (uconn *UConn) SetSessionTicketExtension(sessionTicketExt ISessionTicketExtension)
type PreSharedKeyExtension interface {
// TLSExtension must be implemented by all PreSharedKeyExtension implementations.
TLSExtension
// If false is returned, utls will invoke `InitializeByUtls()` for the necessary initialization.
Initializable
SetOmitEmptyPsk(val bool)
// InitializeByUtls is invoked when IsInitialized() returns false.
// It initializes the extension using a real and valid TLS 1.3 session.
InitializeByUtls(session *SessionState, earlySecret []byte, binderKey []byte, identities []PskIdentity)
// GetPreSharedKeyCommon retrieves the final PreSharedKey-related states as defined in PreSharedKeyCommon.
GetPreSharedKeyCommon() PreSharedKeyCommon
// PatchBuiltHello is called once the hello message is fully applied and marshaled.
// Its purpose is to update the binders of PSK (Pre-Shared Key) identities.
PatchBuiltHello(hello *PubClientHelloMsg) error
mustEmbedUnimplementedPreSharedKeyExtension() // this works like a type guard
}
// SetPskExtension sets the psk extension for tls 1.3 resumption. This is a no-op if the psk is nil.
func (uconn *UConn) SetPskExtension(pskExt PreSharedKeyExtension) error
Full Changelog: https://github.com/refraction-networking/utls/compare/v1.4.3...v1.5.0
Published by gaukas about 1 year ago
Fixed a previous bug causing PSK-resumption to fail.
Now UtlsPreSharedKeyExtension
does not contain any externally-set states -- user MUST set Config.ClientSessionCache
for resumption.
Full Changelog: https://github.com/refraction-networking/utls/compare/v1.5.0-beta.3...v1.5.0-beta.4
Published by gaukas about 1 year ago
Some minor changes and now we got PSK examples!
There's a bug: setting tls.Config.ClientSessionCache
will cause PSK to fail. Currently users must set only tls.UtlsPreSharedKeyExtension.ClientSessionCacheOverride
.
This is not an intended behavior and requires further investigation...
Full Changelog: https://github.com/refraction-networking/utls/compare/v1.5.0-beta.2...v1.5.0-beta.3
Published by gaukas about 1 year ago
We are finally supporting pre_shared_key
! I mean, with REAL support.
To use it, you must provide a type interfacing ClientSessionCache
:
// ClientSessionCache is a cache of ClientSessionState objects that can be used
// by a client to resume a TLS session with a given server. ClientSessionCache
// implementations should expect to be called concurrently from different
// goroutines. Up to TLS 1.2, only ticket-based resumption is supported, not
// SessionID-based resumption. In TLS 1.3 they were merged into PSK modes, which
// are supported via this interface.
type ClientSessionCache interface {
// Get searches for a ClientSessionState associated with the given key.
// On return, ok is true if one was found.
Get(sessionKey string) (session *ClientSessionState, ok bool)
// Put adds the ClientSessionState to the cache with the given key. It might
// get called multiple times in a connection if a TLS 1.3 server provides
// more than one session ticket. If called with a nil *ClientSessionState,
// it should remove the cache entry.
Put(sessionKey string, cs *ClientSessionState)
}
Where the sessionKey
is the ServerName
(or IP Address if no ServerName
).
This update could possibly break TLS 1.2 session resumption support from older versions, so please report any bugs you encountered.
This update includes a breaking change of PreShareKeyExtension
: it is now an interface
.
Full Changelog: https://github.com/refraction-networking/utls/compare/v1.5.0-beta.1...v1.5.0-beta.2
Published by gaukas about 1 year ago
Duck Goes Quack, Cow Goes Moo, Parrot Goes Post-Quantum!
† Set chrome://flags/#enable-tls13-kyber
to enable in Chrome 115. To be generally available (perhaps default ON?) in Chrome 116.
Full Changelog: https://github.com/refraction-networking/utls/compare/v1.5.0-alpha...v1.5.0-beta.1
Published by gaukas about 1 year ago
Full Changelog: https://github.com/refraction-networking/utls/compare/v1.4.3...v1.5.0-alpha
Published by gaukas about 1 year ago
Retract v1.4.0, v1.4.1 for a breaking change made by crypto/tls
in client handshake. This tag contains no code change from v1.4.2 since v1.4.2 patches the exact bug in the retracted versions.
Full Changelog: https://github.com/refraction-networking/utls/compare/v1.4.2...v1.4.3
Published by gaukas about 1 year ago
Provide a dirty fix for a bug(?) triggered when Config.ClientSessionCache
is nil
and session_ticket
is received from a server.
Published by gaukas about 1 year ago
Full Changelog: https://github.com/refraction-networking/utls/compare/v1.3.3...v1.4.1