httpd-dev mailing list archives

From Joe Orton <jor...@redhat.com>
Subject TLS forward secrecy, session tickets and mod_ssl/OpenSSL
Date Wed, 21 Aug 2013 11:17:28 GMT
Florent Daigniere presented on this at Black Hat.

Paper: https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-WP.pdf
Slides: https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-Slides.pdf

Short Summary: Use of session tickets (enabled by default in OpenSSL) 
reduces effectiveness of TLS forward secrecy, because the keys used to 
generate tickets survive for the lifetime of the httpd process.  So if 
you have access to the httpd process you can retrieve the keys used to 
generate session tickets.

I can't see we can or should do much here other than adding an option 
(yay) which globally disables session tickets, SSL_OP_NO_TICKET in the 
SSL_CTX, for the paranoid.
	
It would be desirable (perhaps) if we could rotate keys faster than once 
the server lifetime, but this is shared state across the server so that 
is definitely non-trivial.

Any opinions here?

Regards, Joe
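
Added example, not part of the original message and not mod_ssl or OpenSSL code: a check an operator could run over a captured ServerHello to confirm that a server with SSL_OP_NO_TICKET set has stopped offering tickets. In TLS 1.2 and earlier a server that intends to issue a ticket includes the empty session_ticket extension (type 35, RFC 5077) in its ServerHello; the function names and the sample handshake bytes below are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define EXT_SESSION_TICKET 35   /* extension type assigned by RFC 5077 */

/* 1 = ServerHello carries session_ticket, 0 = it does not, -1 = malformed. */
int server_hello_offers_ticket(const uint8_t *m, size_t n)
{
    size_t p = 4 + 2 + 32, end;          /* skip header, version, random */
    if (n < 4 || m[0] != 2) return -1;   /* handshake type 2 = server_hello */
    end = 4 + (((size_t)m[1] << 16) | ((size_t)m[2] << 8) | m[3]);
    if (end > n || p >= end) return -1;
    p += 1 + (size_t)m[p] + 2 + 1;       /* session_id, cipher suite, compression */
    if (p == end) return 0;              /* no extensions block at all */
    if (p + 2 > end || p + 2 + (((size_t)m[p] << 8) | m[p + 1]) != end) return -1;
    for (p += 2; p + 4 <= end; ) {
        unsigned type = ((unsigned)m[p] << 8) | m[p + 1];
        size_t len = ((size_t)m[p + 2] << 8) | m[p + 3];
        p += 4;
        if (len > end - p) return -1;    /* extension overruns the message */
        if (type == EXT_SESSION_TICKET) return 1;
        p += len;
    }
    return p == end ? 0 : -1;
}

/* Constructed sample: minimal TLS 1.2 ServerHello; returns its length. */
size_t build_sample_hello(uint8_t *out, int with_ticket)
{
    static const uint8_t exts[] = { 0xff, 0x01, 0, 1, 0,  /* renegotiation_info */
                                    0, 35, 0, 0 };        /* empty session_ticket */
    size_t ext_len = with_ticket ? 9 : 5, p = 4;
    out[p++] = 3; out[p++] = 3;                           /* version 0x0303 */
    memset(out + p, 0xab, 32); p += 32;                   /* placeholder random */
    out[p++] = 0; out[p++] = 0xc0; out[p++] = 0x2f; out[p++] = 0; /* sid len, suite, compression */
    out[p++] = 0; out[p++] = (uint8_t)ext_len;            /* extensions length */
    memcpy(out + p, exts, ext_len); p += ext_len;
    out[0] = 2; out[1] = 0; out[2] = 0; out[3] = (uint8_t)(p - 4);
    return p;
}

int main(void)
{
    uint8_t buf[64];
    for (int on = 1; on >= 0; on--)
        printf("ticket extension sent=%d detected=%d\n", on,
               server_hello_offers_ticket(buf, build_sample_hello(buf, on)));
    return 0;
}
```

The input is the handshake message itself, with the 5-byte TLS record header already removed. TLS 1.3 delivers tickets in post-handshake NewSessionTicket messages instead, so this check applies to TLS 1.2 and earlier.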
