tls_session.go 1.1 KB

  1. package scan
  2. import "github.com/cloudflare/cfssl/scan/crypto/tls"
  // TLSSession is the scan family that tests a host's TLS session resumption,
  // via session tickets and session IDs.
  //
  // A host that resumes a session on every address must share session state
  // (ticket keys or a session cache) between those endpoints. The scan reports
  // only whether resumption works; it does not assess how that shared state is
  // protected or rotated.
  var TLSSession = &Family{
  	Description: "Scans host's implementation of TLS session resumption using session tickets/session IDs",
  	// Only one scanner is registered; the map key appears to be its name.
  	Scanners: map[string]*Scanner{
  		"SessionResume": {
  			// Positional Scanner literal: presumably the description followed
  			// by the scan function (Scanner is declared elsewhere).
  			"Host is able to resume sessions across all addresses",
  			sessionResumeScan,
  		},
  	},
  }
  // sessionResumeScan checks whether a TLS session established with addr is
  // resumed on the follow-up connections made through multiscan.
  //
  // It opens and closes one connection to addr with a client session cache of
  // capacity 1, then gives multiscan a callback that dials again with the same
  // config and reads ConnectionState().DidResume. The callback grades Good when
  // the handshake resumed and otherwise leaves the grade at its zero value; its
  // Output is the DidResume boolean.
  //
  // NOTE(review): multiscan is defined elsewhere; going by the scanner
  // description it presumably runs the callback against each of the host's
  // addresses. Confirm there how per-address results are combined.
  func sessionResumeScan(addr, hostname string) (grade Grade, output Output, err error) {
  	config := defaultTLSConfig(hostname)
  	config.ClientSessionCache = tls.NewLRUClientSessionCache(1)

  	// Priming connection: its only purpose is to populate the session cache.
  	primer, err := tls.DialWithDialer(Dialer, Network, addr, config)
  	if err != nil {
  		return grade, output, err
  	}
  	if err = primer.Close(); err != nil {
  		return grade, output, err
  	}

  	resumeCheck := func(addrport string) (Grade, Output, error) {
  		var (
  			g Grade
  			o Output
  		)
  		c, e := tls.DialWithDialer(Dialer, Network, addrport, config)
  		if e != nil {
  			return g, o, e
  		}
  		// NOTE(review): unlike the priming connection, the Close error is
  		// dropped here; the handshake state is read after the close.
  		c.Close()

  		resumed := c.ConnectionState().DidResume
  		o = resumed
  		if resumed {
  			g = Good
  		}
  		return g, o, e
  	}
  	return multiscan(addr, resumeCheck)
  }