Problem with ssl_session_ticket_key and ssl_session_cache

Posted by kylebonnici 
March 03, 2016 07:06PM
I am currently doing my thesis on Origin Confusion and thus I am playing around to see how this can occur. Currently I am trying to share a cache of session IDs between all virtual hosts regardless of the IP/interface they serve, but this was unsuccessful. Similarly, I want to define one ticket.key to encrypt all the session tickets regardless of the virtual hosts, but only the first two hosts in the config below are using it. On the other hand, if I remove the 192.168.50.12:/192.168.50.15 from all the virtual hosts, then the ticket key is used over all virtual hosts.

I have the following configuration:

resolver 192.168.1.11;
ssl on;
ssl_session_timeout 5m;
ssl_session_tickets on;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
ssl_session_ticket_key /etc/nginx/ssl/ticket.key;
ssl_session_cache shared:SSL:20m;

server {
listen 192.168.50.12:443 ssl;
server_name www.page1.com cdn1.page1.com;

root /usr/share/nginx/www/page1.com;
index index.html index.htm;

ssl_certificate /etc/nginx/ssl/*.page1.com.cert.pem;
ssl_password_file /etc/nginx/ssl/pass;
ssl_certificate_key /etc/nginx/ssl/*.page1.com.key.pem;
ssl_trusted_certificate /etc/nginx/ssl/ca-chain-um-thesis.cert.pem;

location / {
try_files $uri $uri/ /index.html;
}

location /some/path {
proxy_set_header Host $arg_page;
proxy_pass_header Set-Cookie;
proxy_pass_header P3P;
proxy_pass $arg_prot://$arg_page$arg_path;
}

}

server {
listen 192.168.50.12:443 ssl;
server_name www.page2.com;

root /usr/share/nginx/www/page2.com;
index index.html index.htm;

ssl_certificate /etc/nginx/ssl/www.page2.com.cert.pem;
ssl_password_file /etc/nginx/ssl/pass;
ssl_certificate_key /etc/nginx/ssl/www.page2.com.key.pem;
ssl_trusted_certificate /etc/nginx/ssl/ca-chain-um-thesis.cert.pem;

location / {
try_files $uri $uri/ /index.html;
}

location /some/path {
proxy_set_header Host $arg_page;
proxy_pass_header Set-Cookie;
proxy_pass_header P3P;
proxy_pass $arg_prot://$arg_page$arg_path;
}
}

server {
listen 192.168.50.15:443 ssl;
server_name www.pagna3.com;

root /usr/share/nginx/www/page3.com;
index index.html index.htm;

ssl_certificate /etc/nginx/ssl/www.pagna3.com.cert.pem;
ssl_password_file /etc/nginx/ssl/pass;
ssl_certificate_key /etc/nginx/ssl/www.pagna3.com.key.pem;
ssl_trusted_certificate /etc/nginx/ssl/ca-chain-um-thesis.cert.pem;

location / {
try_files $uri $uri/ /index.html;
}

location /some/path {
proxy_set_header Host $arg_page;
proxy_pass_header Set-Cookie;
proxy_pass_header P3P;
proxy_pass $arg_prot://$arg_page$arg_path;
}
}

server {
listen 192.168.50.15:443 ssl;
server_name www.pagna4.com;

root /usr/share/nginx/www/page4.com;
index index.html index.htm;

ssl_certificate /etc/nginx/ssl/www.pagna4.com.cert.pem;
ssl_password_file /etc/nginx/ssl/pass;
ssl_certificate_key /etc/nginx/ssl/www.pagna4.com.key.pem;
ssl_trusted_certificate /etc/nginx/ssl/ca-chain-um-thesis.cert.pem;

location / {
try_files $uri $uri/ /index.html;
}

location /some/path {
proxy_set_header Host $arg_page;
proxy_pass_header Set-Cookie;
proxy_pass_header P3P;
proxy_pass $arg_prot://$arg_page$arg_path;
}

}

For some reason the ssl_session_ticket_key is only being applied to the virtual hosts with listen 192.168.50.12; similarly, the virtual hosts are not sharing the same cache as defined by ssl_session_cache at the top.

Am I doing something wrong or is this by design?
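
One way to check which virtual hosts actually issue tickets under the key from ticket.key, as an added example that is not part of the original post: it parses TLS 1.2 NewSessionTicket handshake messages and groups hosts by the 16-byte key name that prefixes each ticket. It assumes the RFC 5077 recommended ticket layout and that the key name is the first 16 bytes of the key file; the key file contents, captured messages and helper names are constructed for illustration.

```python
import struct
from collections import defaultdict

KEY_NAME_LEN = 16  # ticket starts with a 16-byte key name (RFC 5077 sec. 4 layout)

def parse_new_session_ticket(msg: bytes) -> bytes:
    """Return the opaque ticket from a TLS 1.2 NewSessionTicket handshake message."""
    if len(msg) < 10:
        raise ValueError("truncated NewSessionTicket")
    if msg[0] != 4:  # handshake type 4 = NewSessionTicket
        raise ValueError(f"unexpected handshake type {msg[0]}")
    if int.from_bytes(msg[1:4], "big") != len(msg) - 4:
        raise ValueError("handshake length mismatch")
    _lifetime_hint, ticket_len = struct.unpack("!IH", msg[4:10])
    if ticket_len != len(msg) - 10:
        raise ValueError("ticket length mismatch")
    return msg[10:]

def ticket_key_name(ticket: bytes) -> bytes:
    # Smallest plausible ticket: key name (16) + IV (16) + HMAC-SHA256 (32).
    if len(ticket) < KEY_NAME_LEN + 16 + 32:
        raise ValueError("ticket too short to carry a key name")
    return ticket[:KEY_NAME_LEN]

def group_hosts_by_ticket_key(captures):
    """Map key name (hex) -> sorted list of hosts whose tickets carry it."""
    groups = defaultdict(list)
    for host, msg in captures.items():
        groups[ticket_key_name(parse_new_session_ticket(msg)).hex()].append(host)
    return {name: sorted(hosts) for name, hosts in groups.items()}

def hosts_using_file_key(captures, key_file: bytes):
    """Hosts whose ticket key name equals the first 16 bytes of the key file."""
    return group_hosts_by_ticket_key(captures).get(key_file[:KEY_NAME_LEN].hex(), [])

def _sample_message(key_name: bytes, fill: int) -> bytes:
    # Constructed NewSessionTicket: filler bytes stand in for IV, state and MAC.
    ticket = key_name + bytes([fill]) * (16 + 64 + 32)
    body = struct.pack("!IH", 300, len(ticket)) + ticket  # 300 s = 5m timeout
    return b"\x04" + len(body).to_bytes(3, "big") + body

KEY_FILE = bytes(range(48))  # constructed stand-in for a 48-byte ticket.key
CAPTURES = {  # constructed; mirrors the behaviour reported in the post
    "www.page1.com": _sample_message(KEY_FILE[:16], 1),
    "www.page2.com": _sample_message(KEY_FILE[:16], 2),
    "www.pagna3.com": _sample_message(b"\xaa" * 16, 3),
    "www.pagna4.com": _sample_message(b"\xbb" * 16, 4),
}
```

Hosts that land in the same group will decrypt each other's tickets, which is the cross-host resumption surface the configuration is trying to create; hosts in separate groups are using different keys.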