authorlloyd <[email protected]>2012-04-04 15:09:51 +0000
committerlloyd <[email protected]>2012-04-04 15:09:51 +0000
commitf5d35f360a04acef3ad19b0abf9a830b0d52d5d8 (patch)
treeca23d42ebea4bdfb716e4b552b7befe1f494a53c /src/tls/s_hello.cpp
parent0b7fb2651b187097e9c89e37e2672ff28830371a (diff)
Limit the lifetime of tickets to Policy::session_ticket_lifetime()
seconds and report that value to the client in the NewSessionTicket message. After that point, a session ticket is ignored and a full renegotiation is forced. Only send a new session ticket on a new session, or on a resumed session where the client indicated it supports session tickets but for whatever reason didn't send one in the hello. Perhaps in this case, we should also remove the session from the session manager? Clean up server selection of the ciphersuite a bit, all in an anon function in tls_server instead of scattered over Server, Policy, and Server_Hello. Add Session::session_age and Session_Manager::session_lifetime
Diffstat (limited to 'src/tls/s_hello.cpp')
-rw-r--r--src/tls/s_hello.cpp81
1 files changed, 20 insertions, 61 deletions
diff --git a/src/tls/s_hello.cpp b/src/tls/s_hello.cpp
index 7da9fdc57..bb93108d9 100644
--- a/src/tls/s_hello.cpp
+++ b/src/tls/s_hello.cpp
@@ -21,47 +21,6 @@ namespace TLS {
*/
Server_Hello::Server_Hello(Record_Writer& writer,
Handshake_Hash& hash,
- Protocol_Version version,
- const Client_Hello& c_hello,
- const std::vector<std::string>& available_cert_types,
- const Policy& policy,
- bool have_session_ticket_key,
- bool client_has_secure_renegotiation,
- const MemoryRegion<byte>& reneg_info,
- bool client_has_npn,
- const std::vector<std::string>& next_protocols,
- RandomNumberGenerator& rng) :
- s_version(version),
- m_session_id(rng.random_vec(32)),
- s_random(make_hello_random(rng)),
- m_fragment_size(c_hello.fragment_size()),
- m_secure_renegotiation(client_has_secure_renegotiation),
- m_renegotiation_info(reneg_info),
- m_next_protocol(client_has_npn),
- m_next_protocols(next_protocols),
- m_supports_session_ticket(have_session_ticket_key &&
- c_hello.supports_session_ticket())
- {
- suite = policy.choose_suite(
- c_hello.ciphersuites(),
- available_cert_types,
- policy.choose_curve(c_hello.supported_ecc_curves()) != "",
- false);
-
- if(suite == 0)
- throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
- "Can't agree on a ciphersuite with client");
-
- comp_method = policy.choose_compression(c_hello.compression_methods());
-
- hash.update(writer.send(*this));
- }
-
-/*
-* Create a new Server Hello message
-*/
-Server_Hello::Server_Hello(Record_Writer& writer,
- Handshake_Hash& hash,
const MemoryRegion<byte>& session_id,
Protocol_Version ver,
u16bit ciphersuite,
@@ -69,21 +28,21 @@ Server_Hello::Server_Hello(Record_Writer& writer,
size_t max_fragment_size,
bool client_has_secure_renegotiation,
const MemoryRegion<byte>& reneg_info,
- bool client_supports_session_tickets,
+ bool offer_session_ticket,
bool client_has_npn,
const std::vector<std::string>& next_protocols,
RandomNumberGenerator& rng) :
- s_version(ver),
+ m_version(ver),
m_session_id(session_id),
- s_random(make_hello_random(rng)),
- suite(ciphersuite),
- comp_method(compression),
+ m_random(make_hello_random(rng)),
+ m_ciphersuite(ciphersuite),
+ m_comp_method(compression),
m_fragment_size(max_fragment_size),
m_secure_renegotiation(client_has_secure_renegotiation),
m_renegotiation_info(reneg_info),
m_next_protocol(client_has_npn),
m_next_protocols(next_protocols),
- m_supports_session_ticket(client_supports_session_tickets)
+ m_supports_session_ticket(offer_session_ticket)
{
hash.update(writer.send(*this));
}
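Review bot: The renamed `offer_session_ticket` parameter is now a server-side decision rather than a client capability, and the constructor writes it straight into `m_supports_session_ticket` without documenting what the caller must have verified. The removed overload computed this as `have_session_ticket_key && c_hello.supports_session_ticket()`; that test presumably now lives in tls_server, which this file's diff does not show. TLS forbids a ServerHello extension the client did not offer (RFC 5246 section 7.4.1.4), so I would state the precondition in the header comment above the constructor, for example `offer_session_ticket: true only if the client sent the SessionTicket extension and a ticket key is configured`. The same comment could note that `session_id` and `ciphersuite` are caller-supplied and serialized unchecked here, since the overload that generated a random id and rejected `suite == 0` is gone. The constructor's signature begins above this hunk.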
@@ -105,24 +64,24 @@ Server_Hello::Server_Hello(const MemoryRegion<byte>& buf)
const byte major_version = reader.get_byte();
const byte minor_version = reader.get_byte();
- s_version = Protocol_Version(major_version, minor_version);
+ m_version = Protocol_Version(major_version, minor_version);
- if(s_version != Protocol_Version::SSL_V3 &&
- s_version != Protocol_Version::TLS_V10 &&
- s_version != Protocol_Version::TLS_V11 &&
- s_version != Protocol_Version::TLS_V12)
+ if(m_version != Protocol_Version::SSL_V3 &&
+ m_version != Protocol_Version::TLS_V10 &&
+ m_version != Protocol_Version::TLS_V11 &&
+ m_version != Protocol_Version::TLS_V12)
{
throw TLS_Exception(Alert::PROTOCOL_VERSION,
"Server_Hello: Unsupported server version");
}
- s_random = reader.get_fixed<byte>(32);
+ m_random = reader.get_fixed<byte>(32);
m_session_id = reader.get_range<byte>(1, 0, 32);
- suite = reader.get_u16bit();
+ m_ciphersuite = reader.get_u16bit();
- comp_method = reader.get_byte();
+ m_comp_method = reader.get_byte();
Extensions extensions(reader);
@@ -154,16 +113,16 @@ MemoryVector<byte> Server_Hello::serialize() const
{
MemoryVector<byte> buf;
- buf.push_back(s_version.major_version());
- buf.push_back(s_version.minor_version());
- buf += s_random;
+ buf.push_back(m_version.major_version());
+ buf.push_back(m_version.minor_version());
+ buf += m_random;
append_tls_length_value(buf, m_session_id, 1);
- buf.push_back(get_byte(0, suite));
- buf.push_back(get_byte(1, suite));
+ buf.push_back(get_byte(0, m_ciphersuite));
+ buf.push_back(get_byte(1, m_ciphersuite));
- buf.push_back(comp_method);
+ buf.push_back(m_comp_method);
Extensions extensions;