Use Psiphon-Labs/psiphon-tls@f762bf7b8128

* Reverts temporary fixes for session resumption

go.mod

@@ -35,7 +35,7 @@ require (
 	github.com/Psiphon-Labs/bolt v0.0.0-20200624191537-23cedaef7ad7
 	github.com/Psiphon-Labs/consistent v0.0.0-20240322131436-20aaa4e05737
 	github.com/Psiphon-Labs/goptlib v0.0.0-20200406165125-c0e32a7a3464
-	github.com/Psiphon-Labs/psiphon-tls v0.0.0-20240812172553-e7a4dbd0bf2b
+	github.com/Psiphon-Labs/psiphon-tls v0.0.0-20240821050307-f762bf7b8128
 	github.com/Psiphon-Labs/quic-go v0.0.0-20240424181006-45545f5e1536
 	github.com/Psiphon-Labs/utls v1.1.1-0.20240818221737-55b85574734b
 	github.com/armon/go-proxyproto v0.0.0-20180202201750-5b7edb60ff5f

go.sum

@@ -18,8 +18,8 @@ github.com/Psiphon-Labs/consistent v0.0.0-20240322131436-20aaa4e05737 h1:QTMy7Uc
 github.com/Psiphon-Labs/consistent v0.0.0-20240322131436-20aaa4e05737/go.mod h1:Enj/Gszv2zCbuRbHbabmNvfO9EM+5kmaGj8CyjwNPlY=
 github.com/Psiphon-Labs/goptlib v0.0.0-20200406165125-c0e32a7a3464 h1:VmnMMMheFXwLV0noxYhbJbLmkV4iaVW3xNnj6xcCNHo=
 github.com/Psiphon-Labs/goptlib v0.0.0-20200406165125-c0e32a7a3464/go.mod h1:Pe5BqN2DdIdChorAXl6bDaQd/wghpCleJfid2NoSli0=
-github.com/Psiphon-Labs/psiphon-tls v0.0.0-20240812172553-e7a4dbd0bf2b h1:OJBiXScGxzcnK+DYwWnUDWSzgZXs7VEYGiXToZHdjzk=
-github.com/Psiphon-Labs/psiphon-tls v0.0.0-20240812172553-e7a4dbd0bf2b/go.mod h1:AaKKoshr8RI1LZTheeNDtNuZ39qNVPWVK4uir2c2XIs=
+github.com/Psiphon-Labs/psiphon-tls v0.0.0-20240821050307-f762bf7b8128 h1:JMYB3ojvIT1AGUaXSHjrxG/zzwOvYPcAcE64su1GhZM=
+github.com/Psiphon-Labs/psiphon-tls v0.0.0-20240821050307-f762bf7b8128/go.mod h1:AaKKoshr8RI1LZTheeNDtNuZ39qNVPWVK4uir2c2XIs=
 github.com/Psiphon-Labs/quic-go v0.0.0-20240424181006-45545f5e1536 h1:pM5ex1QufkHV8lDR6Tc1Crk1bW5lYZjrFIJGZNBWE9k=
 github.com/Psiphon-Labs/quic-go v0.0.0-20240424181006-45545f5e1536/go.mod h1:2MTiPsgoOqWs3Bo6Xr3ElMBX6zzfjd3YkDFpQJLwHdQ=
 github.com/Psiphon-Labs/utls v1.1.1-0.20240818221737-55b85574734b h1:NU9LaY5CPpffrIhsBQN2vW0EqnTSQt6VMZSaho53q9A=

vendor/github.com/Psiphon-Labs/psiphon-tls/handshake_server.go

@@ -655,15 +655,12 @@ func (hs *serverHandshakeState) checkForResumption() error {
 		sessionState = ss
 	}
 
-	// [Psiphon]
-	// *TODO* write a reason why this is commented out.
-	// // TLS 1.2 tickets don't natively have a lifetime, but we want to avoid
 	// // re-wrapping the same master secret in different tickets over and over for
 	// // too long, weakening forward secrecy.
-	// createdAt := time.Unix(int64(sessionState.createdAt), 0)
-	// if c.config.time().Sub(createdAt) > maxSessionTicketLifetime {
-	// 	return nil
-	// }
+	createdAt := time.Unix(int64(sessionState.createdAt), 0)
+	if c.config.time().Sub(createdAt) > maxSessionTicketLifetime {
+		return nil
+	}
 
 	// [Psiphon]
 	// Skip ticket lifetime check when using obfuscated session tickets.
@@ -720,10 +717,10 @@ func (hs *serverHandshakeState) checkForResumption() error {
 	}
 
 	// RFC 7627, Section 5.3
-	// *TODO* write a reason why this is commented out.
-	// if !sessionState.extMasterSecret && hs.clientHello.extendedMasterSecret {
-	// 	return nil
-	// }
+	if !sessionState.extMasterSecret && hs.clientHello.extendedMasterSecret {
+		return nil
+	}
+
 	// [Psiphon]
 	// When using obfuscated session tickets, the client-generated session ticket
 	// state never uses EMS. ClientHellos vary in EMS support. So, in this mode,

vendor/modules.txt

@@ -23,7 +23,7 @@ github.com/Psiphon-Labs/consistent
 # github.com/Psiphon-Labs/goptlib v0.0.0-20200406165125-c0e32a7a3464
 ## explicit
 github.com/Psiphon-Labs/goptlib
-# github.com/Psiphon-Labs/psiphon-tls v0.0.0-20240812172553-e7a4dbd0bf2b
+# github.com/Psiphon-Labs/psiphon-tls v0.0.0-20240821050307-f762bf7b8128
 ## explicit; go 1.21
 github.com/Psiphon-Labs/psiphon-tls
 # github.com/Psiphon-Labs/quic-go v0.0.0-20240424181006-45545f5e1536