v1.5.0 Post-Quantum and Session Resumption

What's Changed

• uTLS: X25519Kyber768Draft00 hybrid post-quantum key agreement by @gaukas in #223
• new: Support TLS-PSK (TLS 1.3) by @gaukas, @zeeker999 and @3andne in #231

A big shout out to @3andne for spending time on major refactoring/revision in the Session Resumption for both TLS 1.2 (SessionTicket-based) and TLS 1.3 (PreSharedKey-based)!

New API

type ISessionTicketExtension interface {
	TLSExtension

	// If false is returned, utls will invoke `InitializeByUtls()` for the necessary initialization.
	Initializable

	// InitializeByUtls is invoked when IsInitialized() returns false.
	// It initializes the extension using a real and valid TLS 1.2 session.
	InitializeByUtls(session *SessionState, ticket []byte)

	GetSession() *SessionState

	GetTicket() []byte
}

// SetSessionTicket sets the session ticket extension.
// If extension is nil, this will be a no-op.
func (uconn *UConn) SetSessionTicketExtension(sessionTicketExt ISessionTicketExtension)

type PreSharedKeyExtension interface {
	// TLSExtension must be implemented by all PreSharedKeyExtension implementations.
	TLSExtension

	// If false is returned, utls will invoke `InitializeByUtls()` for the necessary initialization.
	Initializable

	SetOmitEmptyPsk(val bool)

	// InitializeByUtls is invoked when IsInitialized() returns false.
	// It initializes the extension using a real and valid TLS 1.3 session.
	InitializeByUtls(session *SessionState, earlySecret []byte, binderKey []byte, identities []PskIdentity)

	// GetPreSharedKeyCommon retrieves the final PreSharedKey-related states as defined in PreSharedKeyCommon.
	GetPreSharedKeyCommon() PreSharedKeyCommon

	// PatchBuiltHello is called once the hello message is fully applied and marshaled.
	// Its purpose is to update the binders of PSK (Pre-Shared Key) identities.
	PatchBuiltHello(hello *PubClientHelloMsg) error

	mustEmbedUnimplementedPreSharedKeyExtension() // this works like a type guard
}

// SetPskExtension sets the psk extension for tls 1.3 resumption. This is a no-op if the psk is nil.
func (uconn *UConn) SetPskExtension(pskExt PreSharedKeyExtension) error

Full Changelog: v1.4.3...v1.5.0

v1.5.0-beta.4 PSK Bugfix

Fixed a previous bug causing PSK-resumption to fail.

Now UtlsPreSharedKeyExtension does not contain any externally-set states -- user MUST set Config.ClientSessionCache for resumption.

Full Changelog: v1.5.0-beta.3...v1.5.0-beta.4

v1.5.0-beta.3 PSK Examples for uTLS

Some minor changes and now we got PSK examples!

There's a bug: setting tls.Config.ClientSessionCache will cause PSK to fail. Currently users must set only tls.UtlsPreSharedKeyExtension.ClientSessionCacheOverride.
This is not an intended behavior and requires further investigation...

Full Changelog: v1.5.0-beta.2...v1.5.0-beta.3

v1.5.0-beta.2 the pre_shared_key

We are finally supporting pre_shared_key! I mean, with REAL support.

To use it, you must provide a type interfacing ClientSessionCache:

// ClientSessionCache is a cache of ClientSessionState objects that can be used
// by a client to resume a TLS session with a given server. ClientSessionCache
// implementations should expect to be called concurrently from different
// goroutines. Up to TLS 1.2, only ticket-based resumption is supported, not
// SessionID-based resumption. In TLS 1.3 they were merged into PSK modes, which
// are supported via this interface.
type ClientSessionCache interface {
	// Get searches for a ClientSessionState associated with the given key.
	// On return, ok is true if one was found.
	Get(sessionKey string) (session *ClientSessionState, ok bool)

	// Put adds the ClientSessionState to the cache with the given key. It might
	// get called multiple times in a connection if a TLS 1.3 server provides
	// more than one session ticket. If called with a nil *ClientSessionState,
	// it should remove the cache entry.
	Put(sessionKey string, cs *ClientSessionState)
}

Where the sessionKey is the ServerName (or IP Address if no ServerName).

This update could possibly break TLS 1.2 session resumption support from older versions, so please report any bugs you encountered.

This update includes a breaking change of PreShareKeyExtension: it is now an interface.

What's Changed

• new: UtlsPreSharedKeyExtension by @gaukas in #230

Full Changelog: v1.5.0-beta.1...v1.5.0-beta.2

v1.5.0-beta.1 Cow Goes Moo, Parrot Goes... Post-Quantum!

New Parrots

Duck Goes Quack, Cow Goes Moo, Parrot Goes Post-Quantum!

• HelloChrome_114_Padding_PSK_Shuf (N/84cf5dd358538618)
• HelloChrome_115_PQ† (N/8df981daa05723dc)
• HelloChrome_115_PQ_PSK† (N/1f8c15afb9d38c74)

† Set chrome://flags/#enable-tls13-kyber to enable in Chrome 115. To be generally available (perhaps default ON?) in Chrome 116.

What's Changed

• new: more parrots and safety update by @gaukas in #227

Full Changelog: v1.5.0-alpha...v1.5.0-beta.1

v1.5.0-alpha Post-Quantumania Alpha Test

What's Changed

• uTLS: X25519Kyber768Draft00 hybrid post-quantum key agreement by cloudflare/go by @gaukas in #222
• new: enable PQ parrots by @gaukas in #225

Full Changelog: v1.4.3...v1.5.0-alpha

v1.4.3 Buggy versions retracted

Retract v1.4.0, v1.4.1 for a breaking change made by crypto/tls in client handshake. This tag contains no code change from v1.4.2 since v1.4.2 patches the exact bug in the retracted versions.

What's Changed

• retract v1.4.1 panic by @trungdlp-wolffun in #220

New Contributors

• @trungdlp-wolffun made their first contribution in #220

Full Changelog: v1.4.2...v1.4.3

v1.4.2 Hotfix: ClientSessionCache

Provide a dirty fix for a bug(?) triggered when Config.ClientSessionCache is nil and session_ticket is received from a server.

v1.4.1 Go above and beyond

Security Fix

• Fixes CVE-2023-29409 in #208

What's New

• Feature: QUIC Transport from Go 1.21
• Oldest supported Go version: 1.19 1.20
  • Go 1.19 is retiring :( sorry children

What's Changed

• workflow: add more version build/test actions by @gaukas in #203
• fix: workflow naming convention by @gaukas in #204
• Fix zlib cert decompression by ignoring EOF by @hwh33 in #206
• sync: Go 1.21 with QUIC support by @gaukas in #208
• ci: update names and badges for CI actions by @gaukas in #211
• fix: don't deref nil ptr by @3andne in #214
• fix: poorly named qtps by @gaukas in #215
• RELEASE: Go 1.21 by @gaukas in #216

New Contributors

• @3andne made their first contribution in #214

Full Changelog: v1.3.3...v1.4.1

v1.3.3 Compatibility and Optimization

What's Changed

• import: use remote cpu package by @gaukas in #195
• fix: allow TLS 1.3 as min TLS version by @gaukas in #194
• fix: removed redundant assignment by @gaukas in #184

Full Changelog: v1.3.2...v1.3.3