Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/tls: add fields to ClientHelloInfo #17430

Closed
FiloSottile opened this issue Oct 13, 2016 · 7 comments
Closed

crypto/tls: add fields to ClientHelloInfo #17430

FiloSottile opened this issue Oct 13, 2016 · 7 comments
Labels
FrozenDueToAge NeedsDecision Feedback is required from experts, contributors, and/or the community before a change can be made.
Milestone
Go1.8Early

Comments

@FiloSottile
Copy link
Contributor

ClientHelloInfo is how callbacks make decisions on how to treat an incoming connection, which is becoming very powerful with https://golang.org/cl/30790/

As mentioned in #16066 (comment) it would be useful to have some more information in there.

The Cloudflare fork exposes Version, SignatureSchemes and LocalAddr. RemoteAddr seems fitting for completeness. ALPNProtocols as asked in #16066.

Looking at clientHelloMsg, only session resumption information, ocspStapling and scts are left, for which I can't think of a use case.
@titanous
Copy link
Member

Looking at clientHelloMsg, only session resumption information, ocspStapling and scts are left, for which I can't think of a use case.

It would be useful to have access to all of the information provided in the ClientHello to collect statistics on handshakes.

@FiloSottile
Copy link
Contributor Author

@titanous Something we did again in the Cloudflare fork is expose the serialized CH in the ConnectionState, but I don't think anything that low-level fits in the standard library. Or did you have anything else in mind?

@titanous
Copy link
Member

Something we did again in the Cloudflare fork is expose the serialized CH in the ConnectionState, but I don't think anything that low-level fits in the standard library. Or did you have anything else in mind?

It's not unprecedented. x509.Certificate has a bunch of Raw* fields. Another option would be exposing all parameters/extensions that the package is aware of and then using a single field for all unknown extensions.

@FiloSottile
Copy link
Contributor Author

True, but then I would go for having a high-level CHI, and a RawClientHello, rather than polluting CHI with sort-of-raw fields. Opinions on whether it should go on CHI or on ConnState? We wanted it in ConnState so we could observe it from a http.Handler. Maybe ConnectionState should expose a CHI?

Also, in 1.3 a CH might be a significant chunk of memory to keep around.

@FiloSottile
Copy link
Contributor Author

FiloSottile commented Oct 13, 2016
edited
Loading

Here is my patch on top of https://golang.org/cl/30790/, which I can't submit yet because the Go Gerrit does not seem to support CL with dependencies on CLs by other authors.

SupportedVersions is terrible, but needed to be forward-compatible with the TLS 1.3 extension-based version negotiation. The SignatureSchemes term is stolen from 1.3 and is uint16 to be forward-compatible.

/cc @agl

EDIT: patch mailed

@bradfitz bradfitz added this to the Go1.8Maybe milestone Oct 16, 2016
@bradfitz
Copy link
Contributor

@agl, decision?

@bradfitz bradfitz added the NeedsDecision Feedback is required from experts, contributors, and/or the community before a change can be made. label Oct 16, 2016
@gopherbot
Copy link
Contributor

CL https://golang.org/cl/31391 mentions this issue.

@agl agl modified the milestones: Go1.8Early, Go1.8Maybe Oct 25, 2016
@golang golang locked and limited conversation to collaborators Oct 26, 2017
FiloSottile added a commit to FiloSottile/go that referenced this issue Oct 12, 2018
@FiloSottile @agl
crypto/tls: expand ClientHelloInfo
3fac26a 
Fixes golang#17430

Change-Id: Ia1c25363d64e3091455ce00644438715aff30a0d
Reviewed-on: https://go-review.googlesource.com/31391
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Filippo Valsorda <hi@filippo.io>
FiloSottile added a commit to FiloSottile/go that referenced this issue Oct 12, 2018
@FiloSottile @agl
crypto/tls: expand ClientHelloInfo
b189f06 
Fixes golang#17430

Change-Id: Ia1c25363d64e3091455ce00644438715aff30a0d
Reviewed-on: https://go-review.googlesource.com/31391
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Filippo Valsorda <hi@filippo.io>
@rsc rsc unassigned agl Jun 23, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge NeedsDecision Feedback is required from experts, contributors, and/or the community before a change can be made.
Projects
None yet
Milestone
Go1.8Early
Development

No branches or pull requests
5 participants
@bradfitz @titanous @agl @FiloSottile @gopherbot