httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dr Stephen Henson <>
Subject Re: [PATCH] mod_ssl: improving session caching for SNI configurations
Date Wed, 04 Nov 2009 12:33:34 GMT
Kaspar Brand wrote:
> Kamesh Jayachandran wrote:
>> Reasonable fix for this on the server side is to apply SSL_OP_NO_TICKET 
>> patch and enable SSLSessionCache.
> There is actually another reason why disabling TLS session tickets makes
> sense at the present time: with OpenSSL's current stable version
> (0.9.8k), session tickets only work properly for the first/default
> vhost. For all other vhosts, mod_ssl will fail to decrypt a
> previously-generated ticket, due to the order in which OpenSSL currently
> deals with the SNI and ticket extensions (and their callbacks). The
> consequence is that with 2.2.x and an SNI configuration, session caching
> for clients supporting TLS tickets is not working for all but the first
> vhost.

The current OpenSSL (unreleased) stable code uses ticket keys from the initial
ctx and not the current one. This makes session resumption with tickets and SNI
work again because they all use the same keys.

The equivalent can be done with previous versions of OpenSSL by generating the
three ticket related keys and initializing the same ones in all SSL_CTX
structures. The function macro SSL_CTX_set_tlsext_ticket_keys can be used to do

> 1) When configuring a new SSL context (in
> ssl_engine_init.c:ssl_init_ctx_tls_extensions), it disables session
> ticket support if a server-side session cache is configured. Enabling
> both session tickets and a cache for stateful resumption at the same
> time doesn't make that much sense anyway, IMO. This change will also
> solve the issue with OpenSSL clients (as reported by Kamesh), provided
> that a server-side cache is configured.

I suppose if some clients support tickets and others do not then enabling both
makes sense. You'd get improved performance for the equivalent cache size
because ticket supporting clients would do their own caching and non-ticket
clients would use normal stateful session resumption. Though as you note older
versions of OpenSSL will be in use for quite a while after 0.9.8l is released.

Note this should all be fixed in current unreleased OpenSSL (which will be
0.9.8l) but it needs client side as well as server side changes.

Dr Stephen N. Henson. Senior Technical/Cryptography Advisor,
Open Source Software Institute:
OpenSSL Core team:

View raw message