diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index a25ebea6f..5596cc1b4 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -154,6 +154,9 @@ #define SSL_TRUNC_HMAC_ENABLED 1 #define SSL_TRUNCATED_HMAC_LEN 10 /* 80 bits, rfc 6066 section 7 */ +#define SSL_SESSION_TICKETS_DISABLED 0 +#define SSL_SESSION_TICKETS_ENABLED 1 + /* * Size of the input / output buffer. * Note: the RFC defines the default size of SSL / TLS messages. If you @@ -561,6 +564,7 @@ struct _ssl_context int allow_legacy_renegotiation; /*!< allow legacy renegotiation */ const int *ciphersuite_list[4]; /*!< allowed ciphersuites / version */ int trunc_hmac; /*!< negotiate truncated hmac? */ + int session_tickets; /*!< use session tickets? */ #if defined(POLARSSL_DHM_C) mpi dhm_P; /*!< prime modulus for DHM */ @@ -667,6 +671,9 @@ int ssl_session_reset( ssl_context *ssl ); * * \param ssl SSL context * \param endpoint must be SSL_IS_CLIENT or SSL_IS_SERVER + * + * \note This function should be called right after ssl_init() since + * some other ssl_set_foo() functions depend on it. */ void ssl_set_endpoint( ssl_context *ssl, int endpoint ); @@ -1012,6 +1019,24 @@ int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code ); */ int ssl_set_truncated_hmac( ssl_context *ssl, int truncate ); +/** + * \brief Enable / Disable session tickets + * (Default: SSL_SESSION_TICKETS_ENABLED on client, + * SSL_SESSION_TICKETS_DISABLED on server) + * + * \note On server, ssl_set_rng() must be called before this function + * to allow generating the ticket encryption and + * authentication keys. + * + * \param ssl SSL context + * \param use_tickets Enable or disable (SSL_SESSION_TICKETS_ENABLED or + * SSL_SESSION_TICKETS_DISABLED) + * + * \return O if successful, + * or a specific error code (server only). + */ +int ssl_set_session_tickets( ssl_context *ssl, int use_tickets ); + /** * \brief Enable / Disable renegotiation support for connection when * initiated by peer diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 40b9f23cc..402c85a47 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -328,6 +328,12 @@ static void ssl_write_session_ticket_ext( ssl_context *ssl, unsigned char *p = buf; size_t tlen = ssl->session_negotiate->ticket_len; + if( ssl->session_tickets == SSL_SESSION_TICKETS_DISABLED ) + { + *olen = 0; + return; + } + SSL_DEBUG_MSG( 3, ( "client hello, adding session ticket extension" ) ); *p++ = (unsigned char)( ( TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF ); @@ -648,8 +654,11 @@ static int ssl_parse_session_ticket_ext( ssl_context *ssl, const unsigned char *buf, size_t len ) { - if( len != 0 ) + if( ssl->session_tickets == SSL_SESSION_TICKETS_DISABLED || + len != 0 ) + { return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO ); + } ((void) buf); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index ad9142c95..5b7db1718 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -534,6 +534,9 @@ static int ssl_parse_session_ticket_ext( ssl_context *ssl, const unsigned char *buf, size_t len ) { + if( ssl->session_tickets == SSL_SESSION_TICKETS_DISABLED ) + return( 0 ); + /* Remember the client asked us to send a new ticket */ ssl->handshake->new_session_ticket = 1; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index db87fe0c0..f7b9bd99c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2978,6 +2978,9 @@ int ssl_session_reset( ssl_context *ssl ) void ssl_set_endpoint( ssl_context *ssl, int endpoint ) { ssl->endpoint = endpoint; + + if( endpoint == SSL_IS_CLIENT ) + ssl->session_tickets = SSL_SESSION_TICKETS_ENABLED; } void ssl_set_authmode( ssl_context *ssl, int authmode ) @@ -3225,6 +3228,13 @@ void ssl_legacy_renegotiation( ssl_context *ssl, int allow_legacy ) ssl->allow_legacy_renegotiation = allow_legacy; } +int ssl_set_session_tickets( ssl_context *ssl, int use_tickets ) +{ + ssl->session_tickets = use_tickets; + + return( 0 ); +} + /* * SSL get accessors */ diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index d57ed07fa..4b92c19f4 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -60,6 +60,7 @@ #define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE #define DFL_TRUNC_HMAC 0 #define DFL_RECONNECT 0 +#define DFL_TICKETS SSL_SESSION_TICKETS_ENABLED #define LONG_HEADER "User-agent: blah-blah-blah-blah-blah-blah-blah-blah-" \ "-01--blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-" \ @@ -98,6 +99,7 @@ struct options unsigned char mfl_code; /* code for maximum fragment length */ int trunc_hmac; /* negotiate truncated hmac or not */ int reconnect; /* attempt to resume session */ + int tickets; /* enable / disable session tickets */ } opt; static void my_debug( void *ctx, int level, const char *str ) @@ -187,6 +189,7 @@ static int my_verify( void *data, x509_cert *crt, int depth, int *flags ) " renegotiation=%%d default: 1 (enabled)\n" \ " allow_legacy=%%d default: 0 (disabled)\n" \ " reconnect=%%d default: 0 (disabled)\n" \ + " tickets=%%d default: 1 (enabled)\n" \ "\n" \ " min_version=%%s default: \"\" (ssl3)\n" \ " max_version=%%s default: \"\" (tls1_2)\n" \ @@ -291,6 +294,7 @@ int main( int argc, char *argv[] ) opt.mfl_code = DFL_MFL_CODE; opt.trunc_hmac = DFL_TRUNC_HMAC; opt.reconnect = DFL_RECONNECT; + opt.tickets = DFL_TICKETS; for( i = 1; i < argc; i++ ) { @@ -357,6 +361,12 @@ int main( int argc, char *argv[] ) if( opt.reconnect < 0 || opt.reconnect > 2 ) goto usage; } + else if( strcmp( p, "tickets" ) == 0 ) + { + opt.tickets = atoi( q ); + if( opt.tickets < 0 || opt.tickets > 2 ) + goto usage; + } else if( strcmp( p, "min_version" ) == 0 ) { if( strcmp( q, "ssl3" ) == 0 ) @@ -664,6 +674,8 @@ int main( int argc, char *argv[] ) ssl_set_bio( &ssl, net_recv, &server_fd, net_send, &server_fd ); + ssl_set_session_tickets( &ssl, opt.tickets ); + if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER ) ssl_set_ciphersuites( &ssl, opt.force_ciphersuite ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 57ff85c3a..2ed74e404 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -69,6 +69,7 @@ #define DFL_MAX_VERSION -1 #define DFL_AUTH_MODE SSL_VERIFY_OPTIONAL #define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE +#define DFL_TICKETS SSL_SESSION_TICKETS_ENABLED #define LONG_RESPONSE "

01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ "02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ @@ -105,6 +106,7 @@ struct options int max_version; /* maximum protocol version accepted */ int auth_mode; /* verify mode for connection */ unsigned char mfl_code; /* code for maximum fragment length */ + int tickets; /* enable / disable session tickets */ } opt; static void my_debug( void *ctx, int level, const char *str ) @@ -152,6 +154,7 @@ static void my_debug( void *ctx, int level, const char *str ) USAGE_IO \ " request_page=%%s default: \".\"\n" \ " renegotiation=%%d default: 1 (enabled)\n" \ + " tickets=%%d default: 1 (enabled)\n" \ " allow_legacy=%%d default: 0 (disabled)\n" \ " min_version=%%s default: \"ssl3\"\n" \ " max_version=%%s default: \"tls1_2\"\n" \ @@ -265,6 +268,7 @@ int main( int argc, char *argv[] ) opt.max_version = DFL_MAX_VERSION; opt.auth_mode = DFL_AUTH_MODE; opt.mfl_code = DFL_MFL_CODE; + opt.tickets = DFL_TICKETS; for( i = 1; i < argc; i++ ) { @@ -396,6 +400,12 @@ int main( int argc, char *argv[] ) else goto usage; } + else if( strcmp( p, "tickets" ) == 0 ) + { + opt.tickets = atoi( q ); + if( opt.tickets < 0 || opt.tickets > 1 ) + goto usage; + } else goto usage; } @@ -611,6 +621,8 @@ int main( int argc, char *argv[] ) ssl_cache_set, &cache ); #endif + ssl_set_session_tickets( &ssl, opt.tickets ); + if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER ) ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );