Add TLS session id generator

SagerNet · Nov 17, 2024 · b28a0ef · b28a0ef
1 parent 789a991
commit b28a0ef
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 12 deletions.
diff --git a/internal/tls/common.go b/internal/tls/common.go
@@ -784,6 +784,8 @@ type Config struct {
 	// used for debugging.
 	KeyLogWriter io.Writer
 
+	SessionIDGenerator func(clientHello []byte, sessionID []byte) error
+
 	// EncryptedClientHelloConfigList is a serialized ECHConfigList. If
 	// provided, clients will attempt to connect to servers using Encrypted
 	// Client Hello (ECH) using one of the provided ECHConfigs. Servers

diff --git a/internal/tls/handshake_client.go b/internal/tls/handshake_client.go
@@ -115,18 +115,6 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, *keySharePrivateKeys, *echCon
 		return nil, nil, nil, errors.New("tls: short read from Rand: " + err.Error())
 	}
 
-	// A random session ID is used to detect when the server accepted a ticket
-	// and is resuming a session (see RFC 5077). In TLS 1.3, it's always set as
-	// a compatibility measure (see RFC 8446, Section 4.1.2).
-	//
-	// The session ID is not set for QUIC connections (see RFC 9001, Section 8.4).
-	if c.quic == nil {
-		hello.sessionId = make([]byte, 32)
-		if _, err := io.ReadFull(config.rand(), hello.sessionId); err != nil {
-			return nil, nil, nil, errors.New("tls: short read from Rand: " + err.Error())
-		}
-	}
-
 	if maxVersion >= VersionTLS12 {
 		hello.supportedSignatureAlgorithms = supportedSignatureAlgorithms()
 	}
@@ -235,6 +223,26 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, *keySharePrivateKeys, *echCon
 		}
 	}
 
+	if c.quic == nil {
+		// A random session ID is used to detect when the server accepted a ticket
+		// and is resuming a session (see RFC 5077). In TLS 1.3, it's always set as
+		// a compatibility measure (see RFC 8446, Section 4.1.2).
+		hello.sessionId = make([]byte, 32)
+		if config.SessionIDGenerator != nil {
+			buffer, err := hello.marshal()
+			if err != nil {
+				return nil, nil, nil, err
+			}
+			if err := config.SessionIDGenerator(buffer, hello.sessionId); err != nil {
+				return nil, nil, nil, errors.New("tls: generate session id failed: " + err.Error())
+			}
+		} else {
+			if _, err := io.ReadFull(config.rand(), hello.sessionId); err != nil {
+				return nil, nil, nil, errors.New("tls: short read from Rand: " + err.Error())
+			}
+		}
+	}
+
 	return hello, keyShareKeys, ech, nil
 }