Re: SSL_SESSION_set1_ticket ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Apr 03, 2019 at 06:09:59PM -0400, Viktor Dukhovni wrote:

> > Ah, right.  Unlike GnuTLS, the STEK is tied to the SSL_CTX and,
> > as you say, Exim initialises that fresh per connection.
> > Rearchitecting that is more effort than it's worth spending
> > on TLS 1.2, I think.
> 
> Well, the *default* STEK is in the SSL_CTX, but that is not a
> requirement, and you should use the default STEK, since it is
> not automatically rolled over.

[ Correction: ... should *not* use the default STEK, ... ]

For an example ticket callback implementation, see:

    https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_server.c#L294-L337

On line 315:

    https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_server.c#L315

either the matching keyset (current active for creating a new ticket,
either active or previous when decrypting an existing ticket) is
selected, and the requested HMAC_CTX and EVP_CIPHER_CTX structures
are initialized appropriately.  Keyset, because the HMAC and AES
keys are separate.  The ticket encryption algorithm chosen by Postfix
defaults to aes-256-cbc.  OpenSSL does not support AEAD for ticket
encryption.

-- 
	Viktor.



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux