Changeset 8d0efdc in mod_gnutls


Ignore:
Timestamp:
Jun 18, 2020, 4:57:32 PM (3 months ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
master
Children:
9a26df9
Parents:
8f000b7
Message:

Disable session tickets by default

After learning that the GnuTLS key "rotation" scheme never actually
changes the primary key I'm disabling session tickets by default,
because I cannot ensure everyone will reload their servers to replace
the keys. I hope to eventually implement a real key rotation and
enable tickets by default again.

Files:
3 edited

Legend:

Unmodified
Added
Removed
  • doc/mod_gnutls_manual.md

    r8f000b7 r8d0efdc  
    134134:   Turns off all caching of TLS sessions.
    135135
    136     This can significantly reduce the performance of `mod_gnutls`
    137     since even followup connections by a client must renegotiate
    138     parameters instead of reusing old ones. This is the default, since
    139     it requires no configuration.
     136    This can reduce the performance of `mod_gnutls` since every
     137    followup connection by a client must perform a full TLS
     138    handshake. This is the default because it requires no
     139    configuration.
    140140
    141141    Session tickets are an alternative to using a session cache,
     
    161161    GnuTLSSessionTickets [on|off]
    162162
    163 Default: `on` with GnuTLS 3.6.4 and newer, `off` otherwise\
     163Default: `off`
    164164Context: server config, virtual host
    165165
     
    174174without a `GnuTLSSessionTickets` setting will use the global setting.
    175175
    176 *Warning:* With GnuTLS version before 3.6.4 the master key that
    177 protects the tickets is generated only on server start, and there is
    178 no mechanism to roll over the key. If session tickets are enabled it
    179 is highly recommended to restart the server regularly to protect past
    180 sessions in case an attacker gains access to server memory. GnuTLS
    181 3.6.4 introduced an automatic TOTP-based key rollover, so this warning
    182 does not apply any more and tickets are enabled by default.
     176*Warning:* The primary key used to encrypt the tickets is generated
     177while the server loads its configuration. An attacker who is able to
     178read this key from server RAM may be able to decrypt past TLS 1.2
     179sessions and impersonate the server to clients trying to resume
     180sessions using tickets. If you enable session tickets you should
     181regularly `reload` the server to generate fresh keys. Many
     182distributions automatically do this during log rotation.
    183183
    184184### GnuTLSDHFile
     
    801801issuer certificate in addition to the server's, and
    802802[mod\_socache\_shmcb](http://httpd.apache.org/docs/current/en/mod/mod_socache_shmcb.html)
    803 is loaded. With Gnutls 3.6.4 or newer session tickets are enabled,
    804 too.
     803is loaded.
    805804
    806805Virtual Hosts with Server Name Indication
  • src/gnutls_hooks.c

    r8f000b7 r8d0efdc  
    659659            sc->enabled = GNUTLS_ENABLED_FALSE;
    660660        if (sc->tickets == GNUTLS_ENABLED_UNSET)
    661         {
    662             /* GnuTLS 3.6.4 introduced automatic master key rotation */
    663             if (gnutls_check_version_numeric(3, 6, 4))
    664                 sc->tickets = GNUTLS_ENABLED_TRUE;
    665             else
    666                 sc->tickets = GNUTLS_ENABLED_FALSE;
    667         }
     661            sc->tickets = GNUTLS_ENABLED_FALSE;
    668662        if (sc->export_certificates_size < 0)
    669663            sc->export_certificates_size = 0;
  • test/tests/37_TLS_reverse_proxy_resume_session/backend.conf

    r8f000b7 r8d0efdc  
    11Include ${PWD}/proxy_backend.conf
     2GnuTLSSessionTickets on
    23
    34<VirtualHost _default_:${BACKEND_PORT}>
Note: See TracChangeset for help on using the changeset viewer.