| author | Filippo Valsorda <filippo@golang.org> | 2018-11-04 18:41:37 -0500 |
|---|---|---|
| committer | Filippo Valsorda <filippo@golang.org> | 2018-11-12 20:43:23 +0000 |
| commit | d669cc47ad8bfde5c0a525563803b3cc444fe897 (patch) | |
| tree | 89672d2397df62ebdc3b6aa42f7306b8fb26f91e /src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-RSA | |
| parent | dc0be727dc6182fb258f9f1048e9a9eef966c563 (diff) | |
| download | go-d669cc47ad8bfde5c0a525563803b3cc444fe897.tar.xz | |

crypto/tls: implement TLS 1.3 PSK authentication (client side)

Also check original certificate validity when resuming TLS 1.0–1.2. Will
refuse to resume a session if the certificate is expired or if the
original connection had InsecureSkipVerify and the resumed one doesn't.

Support only PSK+DHE to protect forward secrecy even with lack of a
strong session ticket rotation story.

Tested with NSS because s_server does not provide any way of getting the
same session ticket key across invocations. Will self-test like TLS
1.0–1.2 once server side is implemented.

Incorporates CL 128477 by @santoshankr.

Fixes #24919
Updates #9671

Change-Id: Id3eaa5b6c77544a1357668bf9ff255f3420ecc34
Reviewed-on: https://go-review.googlesource.com/c/147420
Reviewed-by: Adam Langley <agl@golang.org>

Diffstat (limited to 'src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-RSA')
0 files changed, 0 insertions, 0 deletions
