tls session tickets

About this tag
TLS session tickets are a mechanism in the Transport Layer Security protocol that allows clients to resume a previous session without a full handshake. On WindowsForum.com, discussions about TLS session tickets often center on security vulnerabilities and implementation bugs. A notable example is CVE-2022-30629, a bug in Go's crypto/tls library where session tickets omitted the required ticket_age_add value in TLS 1.3, enabling network observers to correlate resumed sessions and weaken privacy. This issue has been highlighted in the context of Azure Linux (CBL-Mariner), with Microsoft providing guidance on mitigation. The tag covers troubleshooting, security advisories, and best practices for configuring TLS session tickets in Windows and cross-platform environments.
  1. CVE-2022-30629: Go TLS Ticket Age Add Bug and Azure Linux Attestation

    The Go standard library's TLS implementation shipped a small but consequential bug in 2022: session tickets created by crypto/tls omitted a randomly generated ticket_age_add value required by the TLS 1.3 specification. The result (tracked as CVE‑2022‑30629 / GO‑2022‑0531) is not a catastrophic...