[Ach] TLS session tickets "break" PFS

Reed Loden reed at reedloden.com
Wed Sep 24 10:43:52 CEST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 24 Sep 2014 10:09:03 +0200
Aaron Zauner <azet at azet.org> wrote:

> So our question in this case has to be: how can
> we avoid TLS session tickets in our configurations and get the
> knowledge about the issue out to administrators and developers?

Not sure that disabling TLS session tickets completely is the way to
go, especially considering the scaling issues that creates by having
to store session info on the server-side... Seems like you could
improve this at the server-side by rotating session ticket keys more
regularly.

Specifically, Twitter wrote about this problem last year in their blog
post announcing PFS support, including what they did to improve the
situation: https://blog.twitter.com/2013/forward-secrecy-at-twitter.

I think it would be worthwhile for somebody to open source some tooling
needed to do the rotation well (and securely), or even perhaps modify
Apache/nginx to better support regular rotation of session ticket keys.

~reed
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iKYEARECAGYFAlQihE9fFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl
bnBncC5maWZ0aGhvcnNlbWFuLm5ldDZCNTZGOUFDMDdCNjg1RDdEQzQ1NjBEQTZC
QTIyMjI2RjNDMzNENUEACgkQa6IiJvPDPVr2HwCdFnZV3fuVrbC2BT04ph21YbZO
NxQAoLTZx/Q0/KvFmQq4bYzau32rW5TE
=mmJ8
-----END PGP SIGNATURE-----
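The rotation Reed suggests, shown as an added example that is not part of the original post and not Twitter's or anyone else's published tooling: a POSIX shell script that rotates an nginx session-ticket key ring and emits the matching ssl_session_ticket_key directives. The directory /etc/nginx/ticket-keys, the key.N file names, the KEEP count and the ticket-keys.conf include file are assumptions chosen for the example; the directive names, the 48/80-byte key sizes and the newest-first semantics are nginx's documented behaviour.

```shell
#!/bin/sh
# Session-ticket key rotation for nginx (added example; paths and names below
# are hypothetical). nginx reads the keys from files listed newest-first:
#
#   ssl_session_ticket_key /etc/nginx/ticket-keys/key.0;   # encrypts new tickets
#   ssl_session_ticket_key /etc/nginx/ticket-keys/key.1;   # decrypt-only
#   ssl_session_ticket_key /etc/nginx/ticket-keys/key.2;   # decrypt-only
#
# Only the first listed key encrypts; the others only decrypt. A key file must
# be exactly 80 bytes (AES-256, nginx >= 1.11.8) or 48 bytes (AES-128; Apache's
# SSLSessionTicketKeyFile also expects 48). Once a key is rotated off the end of
# the list, tickets issued under it can no longer be decrypted, so a later key
# compromise only exposes sessions whose tickets were issued within the last
# KEEP rotation intervals rather than everything ever recorded.
set -eu

KEY_DIR="${KEY_DIR:-/etc/nginx/ticket-keys}"   # assumed location
KEY_BYTES="${KEY_BYTES:-80}"
KEEP="${KEEP:-3}"                              # 1 encrypting key + 2 decrypt-only

# Reject a key file nginx would refuse (wrong size); returns non-zero on failure.
check_key() {
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$size" -eq 48 ] || [ "$size" -eq 80 ]
}

# Write a fresh random key with mode 0600 through a temp file and an atomic
# rename, so nginx never reads a half-written key.
gen_key() {
    dir=$1; out=$2
    (umask 077; dd if=/dev/urandom bs="$KEY_BYTES" count=1 2>/dev/null > "$dir/.key.tmp")
    check_key "$dir/.key.tmp"
    mv "$dir/.key.tmp" "$out"
}

# Shift key.(i-1) -> key.i for i = keep-1 .. 1 (the oldest key is overwritten
# and thereby retired), then create a new key.0 for encrypting new tickets.
rotate_keys() {
    dir=$1; keep=$2
    mkdir -p "$dir"
    i=$((keep - 1))
    while [ "$i" -gt 0 ]; do
        prev=$((i - 1))
        if [ -f "$dir/key.$prev" ]; then
            mv "$dir/key.$prev" "$dir/key.$i"
        fi
        i=$prev
    done
    gen_key "$dir" "$dir/key.0"
}

# Print the ssl_session_ticket_key directives, newest first, for an include
# file referenced from the server block (e.g. include /etc/nginx/ticket-keys.conf;).
gen_conf() {
    dir=$1; keep=$2; i=0
    while [ "$i" -lt "$keep" ]; do
        if [ -f "$dir/key.$i" ]; then
            printf 'ssl_session_ticket_key %s/key.%s;\n' "$dir" "$i"
        fi
        i=$((i + 1))
    done
}

# Cron/timer entry point: rotate, regenerate the include file, reload nginx.
# `nginx -s reload` re-reads the configuration and therefore the key files.
rotate_and_reload() {
    rotate_keys "$KEY_DIR" "$KEEP"
    gen_conf "$KEY_DIR" "$KEEP" > "$KEY_DIR.conf"
    if command -v nginx >/dev/null 2>&1; then
        nginx -t && nginx -s reload
    fi
}

if [ "${1:-}" = "rotate" ]; then
    rotate_and_reload
fi
```

Run it as `sh rotate-ticket-keys.sh rotate` from an hourly cron job or systemd timer: with KEEP=3 and hourly rotation, a ticket is resumable for up to three hours and a stolen key set exposes at most the last three hours of ticket-issued sessions. On a fleet of front ends the same key.0 must land on every host within one interval (that is the distribution tooling Reed is asking for), otherwise tickets issued by one host are rejected by the others and clients fall back to full handshakes.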

