Welcome! Log In Create A New Profile

Advanced

proper setup for forward secrecy

August 09, 2012 02:37PM
Hello,

I was reading an article written by Adam Langley and he says:

"You also need to be aware of Session Tickets in order to implement forward secrecy correctly. There are two ways to resume a TLS connection: either the server chooses a random number and both sides store the session information, of the server can encrypt the session information with a secret, local key and send that to the client. The former is called Session IDs and the latter is called Session Tickets.

But Session Tickets are transmitted over the wire and so the server's Session Ticket encryption key is capable of decrypting past connections. Most servers will generate a random Session Ticket key at startup unless otherwise configured, but you should check."

So my question is, how does nginx handle this?

Thanks
Subject Author Posted

proper setup for forward secrecy

eiji-gravion August 09, 2012 02:37PM

Re: proper setup for forward secrecy

Maxim Dounin August 10, 2012 05:08AM

Re: proper setup for forward secrecy

eiji-gravion August 10, 2012 05:42AM

Re: proper setup for forward secrecy

eiji-gravion September 18, 2012 04:34AM

Re: proper setup for forward secrecy

Maxim Dounin September 19, 2012 09:50AM

Re: proper setup for forward secrecy

eiji-gravion September 21, 2012 05:22PM

Re: proper setup for forward secrecy

Maxim Dounin September 24, 2012 10:42AM

Re: proper setup for forward secrecy

mastercan March 25, 2015 05:26PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 76
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready