aboutsummaryrefslogtreecommitdiff
path: root/src/crypto/tls/handshake_server_tls13.go
diff options
context:
space:
mode:
Diffstat (limited to 'src/crypto/tls/handshake_server_tls13.go')
-rw-r--r--src/crypto/tls/handshake_server_tls13.go14
1 files changed, 14 insertions, 0 deletions
diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go
index 08251b84de..6aa52698a3 100644
--- a/src/crypto/tls/handshake_server_tls13.go
+++ b/src/crypto/tls/handshake_server_tls13.go
@@ -10,6 +10,7 @@ import (
"crypto"
"crypto/hmac"
"crypto/rsa"
+ "encoding/binary"
"errors"
"hash"
"io"
@@ -741,6 +742,19 @@ func (hs *serverHandshakeStateTLS13) sendSessionTickets() error {
}
m.lifetime = uint32(maxSessionTicketLifetime / time.Second)
+ // ticket_age_add is a random 32-bit value. See RFC 8446, section 4.6.1
+ // The value is not stored anywhere; we never need to check the ticket age
+ // because 0-RTT is not supported.
+ ageAdd := make([]byte, 4)
+ _, err = hs.c.config.rand().Read(ageAdd)
+ if err != nil {
+ return err
+ }
+ m.ageAdd = binary.LittleEndian.Uint32(ageAdd)
+
+ // ticket_nonce, which must be unique per connection, is always left at
+ // zero because we only ever send one ticket per connection.
+
if _, err := c.writeRecord(recordTypeHandshake, m.marshal()); err != nil {
return err
}
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion