Commit e8d9741
authored
Support TLS 1.3 (#277)
* Use session event to support TLS 1.3
* Renew TLS session ticket after each data connection
TLS 1.3 mandates single-use session tickets (RFC 8446 §4.6.1). After a
data connection resumes using the control connection's ticket, the server
issues a new ticket on that data connection. Capture it via the 'session'
event and store it in tlsSessionStore so the next data connection presents
a fresh ticket rather than the already-spent one.
Without this, servers enforcing single-use tickets (e.g. ProFTPD with
TLS 1.3) accept only the first data connection and reject all subsequent
ones with a TLS negotiation failure.1 parent 5585c9d commit e8d9741
2 files changed
Lines changed: 11 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
61 | 61 | | |
62 | 62 | | |
63 | 63 | | |
| 64 | + | |
| 65 | + | |
64 | 66 | | |
65 | 67 | | |
66 | 68 | | |
| |||
150 | 152 | | |
151 | 153 | | |
152 | 154 | | |
| 155 | + | |
153 | 156 | | |
154 | 157 | | |
155 | 158 | | |
| |||
175 | 178 | | |
176 | 179 | | |
177 | 180 | | |
| 181 | + | |
| 182 | + | |
| 183 | + | |
178 | 184 | | |
179 | 185 | | |
180 | 186 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
130 | 130 | | |
131 | 131 | | |
132 | 132 | | |
133 | | - | |
| 133 | + | |
134 | 134 | | |
| 135 | + | |
| 136 | + | |
| 137 | + | |
| 138 | + | |
135 | 139 | | |
136 | 140 | | |
137 | 141 | | |
| |||
0 commit comments