Use Psiphon-Labs/psiphon-tls@dbd11af4feef

go.mod

@@ -35,7 +35,7 @@ require (
 	github.com/Psiphon-Labs/bolt v0.0.0-20200624191537-23cedaef7ad7
 	github.com/Psiphon-Labs/consistent v0.0.0-20240322131436-20aaa4e05737
 	github.com/Psiphon-Labs/goptlib v0.0.0-20200406165125-c0e32a7a3464
-	github.com/Psiphon-Labs/psiphon-tls v0.0.0-20240821051046-09ca7d11918f
+	github.com/Psiphon-Labs/psiphon-tls v0.0.0-20240821193920-dbd11af4feef
 	github.com/Psiphon-Labs/quic-go v0.0.0-20240821052333-b6316b594e39
 	github.com/Psiphon-Labs/utls v1.1.1-0.20240821052800-443a34df921f
 	github.com/armon/go-proxyproto v0.0.0-20180202201750-5b7edb60ff5f

go.sum

@@ -18,8 +18,8 @@ github.com/Psiphon-Labs/consistent v0.0.0-20240322131436-20aaa4e05737 h1:QTMy7Uc
 github.com/Psiphon-Labs/consistent v0.0.0-20240322131436-20aaa4e05737/go.mod h1:Enj/Gszv2zCbuRbHbabmNvfO9EM+5kmaGj8CyjwNPlY=
 github.com/Psiphon-Labs/goptlib v0.0.0-20200406165125-c0e32a7a3464 h1:VmnMMMheFXwLV0noxYhbJbLmkV4iaVW3xNnj6xcCNHo=
 github.com/Psiphon-Labs/goptlib v0.0.0-20200406165125-c0e32a7a3464/go.mod h1:Pe5BqN2DdIdChorAXl6bDaQd/wghpCleJfid2NoSli0=
-github.com/Psiphon-Labs/psiphon-tls v0.0.0-20240821051046-09ca7d11918f h1:Ps4xn/vyiQIVyVMMWwhSJx0JJ1UGfMKLbUzs101sZjs=
-github.com/Psiphon-Labs/psiphon-tls v0.0.0-20240821051046-09ca7d11918f/go.mod h1:AaKKoshr8RI1LZTheeNDtNuZ39qNVPWVK4uir2c2XIs=
+github.com/Psiphon-Labs/psiphon-tls v0.0.0-20240821193920-dbd11af4feef h1:dEySURH5eTYCqPNxYA15EKrArZTZ704gUdel/lkfb9M=
+github.com/Psiphon-Labs/psiphon-tls v0.0.0-20240821193920-dbd11af4feef/go.mod h1:AaKKoshr8RI1LZTheeNDtNuZ39qNVPWVK4uir2c2XIs=
 github.com/Psiphon-Labs/quic-go v0.0.0-20240821052333-b6316b594e39 h1:ft0K9EDdBtMl+Q/akZ+qt3SdcmbtnTQOgE3OlWI6uz0=
 github.com/Psiphon-Labs/quic-go v0.0.0-20240821052333-b6316b594e39/go.mod h1:2MTiPsgoOqWs3Bo6Xr3ElMBX6zzfjd3YkDFpQJLwHdQ=
 github.com/Psiphon-Labs/utls v1.1.1-0.20240821052800-443a34df921f h1:7pxNVyg1fYHhJGoZjlDVXYIEeEbihNPv7fUgmKw3MG4=

vendor/github.com/Psiphon-Labs/psiphon-tls/handshake_server.go

@@ -655,27 +655,14 @@ func (hs *serverHandshakeState) checkForResumption() error {
 		sessionState = ss
 	}
 
-	// // re-wrapping the same master secret in different tickets over and over for
-	// // too long, weakening forward secrecy.
+	// TLS 1.2 tickets don't natively have a lifetime, but we want to avoid
+	// re-wrapping the same master secret in different tickets over and over for
+	// too long, weakening forward secrecy.
 	createdAt := time.Unix(int64(sessionState.createdAt), 0)
 	if c.config.time().Sub(createdAt) > maxSessionTicketLifetime {
 		return nil
 	}
 
-	// [Psiphon]
-	// Skip ticket lifetime check when using obfuscated session tickets.
-	if !c.config.UseObfuscatedSessionTickets {
-
-		// TLS 1.2 tickets don't natively have a lifetime, but we want to avoid
-		// re-wrapping the same master secret in different tickets over and over for
-		// too long, weakening forward secrecy.
-		createdAt := time.Unix(int64(sessionState.createdAt), 0)
-		if c.config.time().Sub(createdAt) > maxSessionTicketLifetime {
-			return nil
-		}
-
-	}
-
 	// Never resume a session for a different TLS version.
 	if c.vers != sessionState.version {
 		return nil

vendor/modules.txt

@@ -23,7 +23,7 @@ github.com/Psiphon-Labs/consistent
 # github.com/Psiphon-Labs/goptlib v0.0.0-20200406165125-c0e32a7a3464
 ## explicit
 github.com/Psiphon-Labs/goptlib
-# github.com/Psiphon-Labs/psiphon-tls v0.0.0-20240821051046-09ca7d11918f
+# github.com/Psiphon-Labs/psiphon-tls v0.0.0-20240821193920-dbd11af4feef
 ## explicit; go 1.21
 github.com/Psiphon-Labs/psiphon-tls
 # github.com/Psiphon-Labs/quic-go v0.0.0-20240821052333-b6316b594e39