Skip to content

crypto/tls: TLSv1.3 connection fails with invalid PSK binder #59424

New issue
New issue
Closed
Closed
crypto/tls: TLSv1.3 connection fails with invalid PSK binder#59424
Labels
FrozenDueToAgeNeedsFixThe path to resolution is known, but the work has not been done.
Milestone
Go1.21
@tsaarni

Description

@tsaarni
tsaarni
opened on Apr 4, 2023

What version of Go are you using (go version)?

The bug impacts following versions

  • Go1.19.6 or later
  • Go1.20.1 or later

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

The bug is not OS dependent

What did you do?

  1. I have written TLSv1.3 client and server written in go.
  2. In the server I have set CurvePreferences with non-default list of curves.
  3. In the client I'm using default list of curves.
  4. In the client I have enabled TLS session resumption by setting ClientSessionCache

What did you expect to see?

When the client establishes second TLS session, I expected the TLS handshake to succeed.

What did you see instead?

When the client establishes second TLS session, the server will reject it with alert invalid PSK binder.

Metadata

Metadata

Assignees

No one assigned

    Labels

    FrozenDueToAgeNeedsFixThe path to resolution is known, but the work has not been done.

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions