httpd-dev mailing list archives

From Dr Stephen Henson
Subject Re: [PATCH] mod_ssl: improving session caching for SNI configurations
Date Sat, 07 Nov 2009 12:21:56 GMT
Kaspar Brand wrote:

+#if !defined(OPENSSL_NO_TLSEXT) && OPENSSL_VERSION_NUMBER < 0x009080d0
+#define TICK_KEYS_LEN   sizeof(((SSL_CTX *)0)->tlsext_tick_key_name) \
+                      + sizeof(((SSL_CTX *)0)->tlsext_tick_hmac_key) \
+                      + sizeof(((SSL_CTX *)0)->tlsext_tick_aes_key)
+    unsigned char tlsext_tick_keys[TICK_KEYS_LEN];
+    RAND_pseudo_bytes(tlsext_tick_keys, TICK_KEYS_LEN);
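
Review bot: the return value of the RAND_pseudo_bytes() call on the last added line is ignored, so a failed or non-strong fill goes unnoticed and tlsext_tick_keys is used as it stands; check the result and treat anything other than 1 as a configuration error. The TICK_KEYS_LEN body is also an unparenthesized sum, so wrap the whole expansion in parentheses to keep it safe when the macro is used inside a larger expression.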

A few comments about that:

These are cryptographic keys (or at least the HMAC and AES keys are) so you
should use RAND_bytes(), not RAND_pseudo_bytes().

Don't dereference the structures directly as at some point the sizes might
change, the structure made opaque or a different mechanism used for storing keys
(e.g. HSM support).

The approved way is to call:

SSL_CTX_set_tlsext_ticket_keys(sc->server->ssl_ctx, NULL, -1)

which will return the combined length of all keys.


+            sid_ctx = ap_md5_binary(c->pool, (unsigned char*)sc->vhost_id,
+                                    sc->vhost_id_len);
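
Review bot: the ap_md5_binary() call that produces sid_ctx has no comment saying what property of the digest is relied on. If it only has to map sc->vhost_id to a fixed-length identifier, state that at the call site so the MD5 use is not mistaken for a security control; if collision resistance matters, use a SHA-2 digest instead.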

Should we be using MD5 now if it can be avoided?

Dr Stephen N. Henson. Senior Technical/Cryptography Advisor,
Open Source Software Institute:
OpenSSL Core team:
