From ce4bba9491060b7b71e8053ee999632b6ea9fee0 Mon Sep 17 00:00:00 2001
From: Gaukas Wang
Date: Thu, 2 May 2024 20:29:02 -0600
Subject: [PATCH] quic: always use empty session ID by RFC 9000 Section 8.4, QUIC must not send non-empty (legacy) session ID, otherwise server will return error. * It is also weird that so far we see no error from server due to uquic sending 32-byte session ID.
Signed-off-by: Gaukas Wang
---
 u_parrots.go | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/u_parrots.go b/u_parrots.go
index af85da8f..8ac1ca07 100644
--- a/u_parrots.go
+++ b/u_parrots.go
@@ -2672,12 +2672,21 @@ func (uconn *UConn) ApplyPreset(p *ClientHelloSpec) error {
 hello.CipherSuites[i] = GetBoringGREASEValue(uconn.greaseSeed, ssl_grease_cipher)
 }
 }
- var sessionID [32]byte
- _, err = io.ReadFull(uconn.config.rand(), sessionID[:])
- if err != nil {
- return err
+
+ // A random session ID is used to detect when the server accepted a ticket
+ // and is resuming a session (see RFC 5077). In TLS 1.3, it's always set as
+ // a compatibility measure (see RFC 8446, Section 4.1.2).
+ //
+ // The session ID is not set for QUIC connections (see RFC 9001, Section 8.4).
+ if uconn.quic == nil {
+ var sessionID [32]byte
+ _, err = io.ReadFull(uconn.config.rand(), sessionID[:])
+ if err != nil {
+ return err
+ }
+ uconn.HandshakeState.Hello.SessionId = sessionID[:]
 }
- uconn.HandshakeState.Hello.SessionId = sessionID[:]
+
 uconn.Extensions = make([]TLSExtension, len(p.Extensions))
 copy(uconn.Extensions, p.Extensions)
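Review bot: In the QUIC branch the session ID is only left unassigned, not cleared, so the "always empty" guarantee in the commit title holds only if `uconn.HandshakeState.Hello.SessionId` is already empty when execution reaches the new `if uconn.quic == nil` block. Whether an earlier step or a previous `ApplyPreset` call on the same `UConn` can leave a value there is not visible here (the function body starts and ends outside the hunk), so I would make the invariant explicit with `} else { uconn.HandshakeState.Hello.SessionId = nil }`. A non-empty legacy_session_id on a QUIC ClientHello is a protocol violation under the RFC 9001 Section 8.4 reference in the new comment and also makes the hello distinguishable from the clients this library imitates, so a test asserting `len(uconn.HandshakeState.Hello.SessionId) == 0` when `uconn.quic != nil` would be worth adding. The commit message cites RFC 9000 while the code comment cites RFC 9001; the comment appears to be the correct reference.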