[Ach] TLS session tickets "break" PFS

Reed Loden reed at reedloden.com
Wed Sep 24 20:02:12 CEST 2014



On Wed, 24 Sep 2014 12:24:01 +0200
Aaron Zauner <azet at azet.org> wrote:

> Well it has to be supported by the TLS stack and webserver - for example
> on the TLS list it was mentioned that nginx does not support this as of now.

From the TLS list, "Right now e.g. nginx isn't rotating anything and
shares sessions and keys among all defined servers. They are blaming
OpenSSL for that, but that's just a library and the server should
rotate and distribute the keys while each instance has its own library."

Not sure why that would be nginx-specific... Fairly sure Apache doesn't
do that either. I do think that web servers should improve this
situation somewhat (perhaps by at least supporting automagic creation
and rotation of session ticket keys on an individual instance basis,
leaving the clustering aspect to external means).

At least both Apache and nginx support ways of specifying the actual
TLS session ticket keys (as files), which is what you need in order to
do rotation (outside of the web server doing it itself).

https://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslsessionticketkeyfile
http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_ticket_key

~reed
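As an added example (not from Reed's mail or either web server project), the "rotation outside of the web server" he describes, done with a small POSIX sh script: it mints a fresh 48-byte ticket key file, keeps a few previous keys so outstanding tickets can still be decrypted, and prints the nginx directives in the order nginx expects (first key encrypts, the rest only decrypt). The directory layout and file names are this example's own; the server reload step is left as a comment.

```shell
#!/bin/sh
# Rotate TLS session ticket keys stored as files. Both nginx (ssl_session_ticket_key)
# and Apache (SSLSessionTicketKeyFile) read a 48-byte file:
# 16-byte key name + 16-byte AES-128 key + 16-byte HMAC secret.
set -eu

KEY_BYTES=48   # size both servers expect for a ticket key file
KEEP=3         # previous keys retained for decrypt-only use (ticket.1.key .. ticket.3.key)

# new_ticket_key FILE: write KEY_BYTES of fresh randomness to FILE, mode 0600, atomically.
new_ticket_key() {
    dir=$(dirname "$1")
    tmp=$(mktemp "$dir/.ticket.XXXXXX")
    chmod 0600 "$tmp"                              # lock down before key material lands on disk
    dd if=/dev/urandom of="$tmp" bs=1 count="$KEY_BYTES" 2>/dev/null
    mv "$tmp" "$1"                                 # rename is atomic; the server never sees a partial key
}

# check_ticket_key FILE: succeed only if FILE is exactly KEY_BYTES long (a truncated or
# padded file is rejected by the server, or worse, silently weakens the key).
check_ticket_key() {
    [ "$(wc -c < "$1" | tr -d ' ')" -eq "$KEY_BYTES" ]
}

# rotate_ticket_keys DIR: drop the oldest key, shift ticket.N.key -> ticket.N+1.key,
# then create a new ticket.0.key that will encrypt all tickets issued from now on.
# Tickets protected by the dropped key can no longer be resumed, which is the point:
# that bounds how long a stolen ticket key can unwrap recorded sessions.
rotate_ticket_keys() {
    dir=$1
    rm -f "$dir/ticket.$KEEP.key"
    i=$KEEP
    while [ "$i" -gt 0 ]; do
        prev=$((i - 1))
        if [ -f "$dir/ticket.$prev.key" ]; then
            mv "$dir/ticket.$prev.key" "$dir/ticket.$i.key"
        fi
        i=$prev
    done
    new_ticket_key "$dir/ticket.0.key"
    check_ticket_key "$dir/ticket.0.key"
    # After rotating, reload the server so it re-reads the files, e.g. `nginx -s reload`.
}

# nginx_ticket_directives DIR: emit one ssl_session_ticket_key line per existing key,
# current key first; nginx encrypts with the first listed key and decrypts with all of them.
nginx_ticket_directives() {
    dir=$1; i=0
    while [ "$i" -le "$KEEP" ]; do
        [ -f "$dir/ticket.$i.key" ] && echo "ssl_session_ticket_key $dir/ticket.$i.key;"
        i=$((i + 1))
    done
}
```

Run `rotate_ticket_keys /etc/ssl/ticket-keys` (path is an example) from cron at the interval you are willing to keep resumable sessions decryptable, and copy the resulting files to every instance that should share sessions.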

