httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kaspar Brand <httpd-dev.2...@velox.ch>
Subject Re: svn commit: r1200040 - in /httpd/httpd/trunk: CHANGES modules/ssl/mod_ssl.c modules/ssl/ssl_engine_config.c modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_kernel.c modules/ssl/ssl_private.h
Date Sun, 20 Nov 2011 10:37:57 GMT
On 15.11.2011 17:14, Paul Querna wrote:
> Maybe explaining it as such is easier to understand:
> 
> SSLTicketKeyFile basically gives you a list of possible decryption keys.
> 
> SSLTicketKeyDefault picks which one to use for encryption.  If
> SSLTicketKeyDefault is not set, the first added decryption key is
> used.

I see. What I don't completely understand yet, however, is the need /
use case for keeping multiple decryption keys around per
SSLSrvConfigRec. When switching to a new key (with a reload/restart),
session tickets encrypted with the previous keys should no longer get
decrypted - otherwise those sessions effectively become perpetual... or
am I overlooking something?

I.e., could we just drop the SSLTicketKeyDefault directive and remove
the "keyname" part from SSLTicketKeyFile, so that there's simply one
ticket key (file) per SSLSrvConfigRec? That would make the configuration
simpler, IMO.

>>>  Changes with Apache 2.3.16
>>>
>>> +  *) mod_ssl: Add support for RFC 5077 TLS Session tickets.
>>> +     [Paul Querna]
>>
>> This is somewhat misleading, I think. Session tickets are supported in
>> mod_ssl as soon as you compile it against OpenSSL 0.9.8f or later (they
>> default to on in OpenSSL, SSL_OP_NO_TICKET would have to be set
>> otherwise). What your patch adds, OTOH, is allowing explicit control of
>> the ticket encryption/decryption keys.
> 
> Sorry, this is correct.   Its not adding support to them in a single
> cluster, its making them configurable / controlable by the user --
> OpenSSL by default does generate random keys, but in a cluster of
> servers this makes session tickets basically useless.

Ok, then I it would be good to reword the entry in the CHANGES file a bit.

> for someone running a single httpd, if we can ensure that the random
> session ticket is generated once and the same across all children
> processes (which I am unsure it is?), then that would be better.

This is the case, yes. OpenSSL generates the keys in SSL_CTX_new (which
is called by mod_ssl at startup time). ssl3_send_newsession_ticket()
then uses these ticket keys by grabbing the SSL_CTX's initial_ctx -
unless you have an OpenSSL release between 0.9.8f and 0.9.8l (see also
http://cvs.openssl.org/chngview?cn=18770).

> For anyone running multiple httpd instances however, this is a very
> helpful feature and reduces the need for an external session cache
> store in memcache or such.

I agree, but then we should also document this feature.

Kaspar

Mime
View raw message