client: replace enable_tickets option with tls12_resumption

examples/src/bin/tlsclient-mio.rs

@@ -429,7 +429,7 @@ fn make_config(args: &Args) -> Arc<rustls::ClientConfig> {
     config.key_log = Arc::new(rustls::KeyLogFile::new());
 
     if args.flag_no_tickets {
-        config.enable_tickets = false;
+        config.tls12_resumption = Some(rustls::client::Tls12Resumption::SessionIdOnly);
     }
 
     if args.flag_no_sni {

rustls/src/client/builder.rs

@@ -1,14 +1,13 @@
-use crate::anchors;
 use crate::builder::{ConfigBuilder, WantsVerifier};
-use crate::client::handy;
-use crate::client::{ClientConfig, ResolvesClientCert};
+use crate::client::{handy, ClientConfig, ResolvesClientCert};
 use crate::error::Error;
-use crate::key;
+use crate::key_log::NoKeyLog;
 use crate::kx::SupportedKxGroup;
 use crate::suites::SupportedCipherSuite;
 use crate::verify::{self, CertificateTransparencyPolicy};
-use crate::versions;
-use crate::NoKeyLog;
+use crate::{anchors, key, versions};
+
+use super::Tls12Resumption;
 
 use std::marker::PhantomData;
 use std::sync::Arc;
@@ -179,7 +178,7 @@ impl ConfigBuilder<ClientConfig, WantsClientCert> {
             session_storage: handy::ClientSessionMemoryCache::new(256),
             max_fragment_size: None,
             client_auth_cert_resolver,
-            enable_tickets: true,
+            tls12_resumption: Some(Tls12Resumption::SessionIdOrTickets),
             versions: self.state.versions,
             enable_sni: true,
             verifier: self.state.verifier,

rustls/src/client/client_conn.rs

@@ -155,7 +155,7 @@ pub struct ClientConfig {
     /// effect.
     ///
     /// The default is true.
-    pub enable_tickets: bool,
+    pub tls12_resumption: Option<Tls12Resumption>,
 
     /// Supported versions, in no particular order.  The default
     /// is all supported versions.
@@ -187,12 +187,26 @@ pub struct ClientConfig {
     pub enable_early_data: bool,
 }
 
+/// What mechanisms to support for resuming a TLS 1.2 session.
+#[derive(Clone, Copy, Debug, PartialEq)]
+pub enum Tls12Resumption {
+    /// Support 1.2 resumption using session ids only.
+    SessionIdOnly,
+    /// Support 1.2 resumption using session ids or RFC 5077 tickets.
+    ///
+    /// See[^1] for why you might like to disable RFC 5077 by instead choosing the `SessionIdOnly`
+    /// option. Note that TLS 1.3 tickets do not have those issues.
+    ///
+    /// [^1]: <https://words.filippo.io/we-need-to-talk-about-session-tickets/>
+    SessionIdOrTickets,
+}
+
 impl fmt::Debug for ClientConfig {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
         f.debug_struct("ClientConfig")
             .field("alpn_protocols", &self.alpn_protocols)
             .field("max_fragment_size", &self.max_fragment_size)
-            .field("enable_tickets", &self.enable_tickets)
+            .field("tls12_resumption", &self.tls12_resumption)
             .field("enable_sni", &self.enable_sni)
             .field("enable_early_data", &self.enable_early_data)
             .finish_non_exhaustive()

rustls/src/client/hs.rs

@@ -26,6 +26,7 @@ use crate::SupportedCipherSuite;
 
 #[cfg(feature = "tls12")]
 use super::tls12;
+use super::Tls12Resumption;
 use crate::client::client_conn::ClientConnectionData;
 use crate::client::common::ClientHelloDetails;
 use crate::client::{tls13, ClientConfig, ServerName};
@@ -248,7 +249,7 @@ fn emit_client_hello_for_retry(
         exts.push(ClientExtension::Cookie(cookie.clone()));
     }
 
-    if support_tls13 && config.enable_tickets {
+    if support_tls13 {
         // We could support PSK_KE here too. Such connections don't
         // have forward secrecy, and are similar to TLS1.2 resumption.
         let psk_modes = vec![PSKKeyExchangeMode::PSK_DHE_KE];
@@ -380,16 +381,16 @@ fn prepare_resumption<'a>(
     cx: &mut ClientContext<'_>,
     config: &ClientConfig,
 ) -> Option<persist::Retrieved<&'a persist::Tls13ClientSessionValue>> {
-    if !config.enable_tickets {
-        return None;
-    }
-
     // Check whether we're resuming with a non-empty ticket.
     let resuming = match resuming {
         Some(resuming) if !resuming.ticket().is_empty() => resuming,
         _ => {
-            // If we don't have a ticket, request one.
-            exts.push(ClientExtension::SessionTicket(ClientSessionTicket::Request));
+            if config.supports_version(ProtocolVersion::TLSv1_3)
+                || config.tls12_resumption == Some(Tls12Resumption::SessionIdOrTickets)
+            {
+                // If we don't have a ticket, request one.
+                exts.push(ClientExtension::SessionTicket(ClientSessionTicket::Request));
+            }
             return None;
         }
     };
@@ -398,7 +399,9 @@ fn prepare_resumption<'a>(
         Some(tls13) => tls13,
         None => {
             // TLS 1.2; send the ticket if we have support this protocol version
-            if config.supports_version(ProtocolVersion::TLSv1_2) {
+            if config.supports_version(ProtocolVersion::TLSv1_2)
+                && config.tls12_resumption == Some(Tls12Resumption::SessionIdOrTickets)
+            {
                 exts.push(ClientExtension::SessionTicket(ClientSessionTicket::Offer(
                     Payload::new(resuming.ticket()),
                 )));

rustls/src/lib.rs

@@ -407,11 +407,10 @@ pub mod client {
     mod tls13;
 
     pub use builder::{WantsClientCert, WantsTransparencyPolicyOrClientCert};
-    pub use client_conn::ClientSessionStore;
-    pub use client_conn::InvalidDnsNameError;
-    pub use client_conn::ResolvesClientCert;
-    pub use client_conn::ServerName;
-    pub use client_conn::{ClientConfig, ClientConnection, ClientConnectionData, WriteEarlyData};
+    pub use client_conn::{
+        ClientConfig, ClientConnection, ClientConnectionData, ClientSessionStore,
+        InvalidDnsNameError, ResolvesClientCert, ServerName, Tls12Resumption, WriteEarlyData,
+    };
     pub use handy::{ClientSessionMemoryCache, NoClientSessionStorage};
 
     #[cfg(feature = "dangerous_configuration")]