Re: how is it possible to confirm that a TLS ticket was used?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Feb 6, 2019 at 1:01 PM Viktor Dukhovni
<openssl-users@xxxxxxxxxxxx> wrote:
> On Tue, Feb 05, 2019 at 02:43:03PM -0800, Sam Roberts wrote:
> Your ticket rotation approach looks a bit fragile.

I agree, though perhaps I should not have described what was happening
as rotation. The test that was failing with TLS1.3 was one in which
clearing the ticket keys was supposed to invalidate previously issued
keys, but it wasn't (at least, not in the same way as it did for 1.2).

> Postfix keeps two session ticket keys in memory, one that's used
> to both encrypt new tickets and decrypt freshly issued tickets, and
> other that's used only decrypt unexpired tickets that were isssued
> just before the new key was introduced. This maintains session
> ticket continuity across a single key change. The key change interval
> is either equal to or is twice the maximum ticket lifetime, ensuring
> that tickets are only invalidated by expiration, not key rotation.

This seems a very reasonable approach, I may propose it as the default
after we have 1.3 support, thanks.

Cheers,
Sam
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux