httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kaspar Brand <httpd-dev.2...@velox.ch>
Subject [PATCH] mod_ssl: improving session caching for SNI configurations
Date Wed, 04 Nov 2009 09:35:40 GMT
Kamesh Jayachandran wrote:
> Reasonable fix for this on the server side is to apply SSL_OP_NO_TICKET 
> patch and enable SSLSessionCache.

There is actually another reason why disabling TLS session tickets makes
sense at the present time: with OpenSSL's current stable version
(0.9.8k), session tickets only work properly for the first/default
vhost. For all other vhosts, mod_ssl will fail to decrypt a
previously-generated ticket, due to the order in which OpenSSL currently
deals with the SNI and ticket extensions (and their callbacks). The
consequence is that with 2.2.x and an SNI configuration, session caching
for clients supporting TLS tickets is not working for all but the first
vhost.

The attached patch (for trunk, plus a backport for 2.2.x) includes two
proposed changes:

1) When configuring a new SSL context (in
ssl_engine_init.c:ssl_init_ctx_tls_extensions), it disables session
ticket support if a server-side session cache is configured. Enabling
both session tickets and a cache for stateful resumption at the same
time doesn't make that much sense anyway, IMO. This change will also
solve the issue with OpenSSL clients (as reported by Kamesh), provided
that a server-side cache is configured.

2) In the SNI callback, it adjusts OpenSSL's session id context - which
makes sure that the session can be properly resumed. (With the current
mod_ssl code, this context is always tied to the first vhost, possibly
resulting in incorrect resumption behavior.)

The first change might later be revised, depending on how future OpenSSL
versions deal with the combination of SNI + session tickets (work is
underway in this area). But given the fact that OpenSSL versions between
0.9.8f and 0.9.8k will stay around for quite some time, I consider this
the appropriate fix for the time being (later on, it could be #if'd
based on OPENSSL_VERSION_NUMBER, or maybe even made configurable through
an additional directive).

Kaspar

Mime
View raw message