Welcome! Log In Create A New Profile

Advanced

Re: proper setup for forward secrecy

Maxim Dounin
September 24, 2012 10:42AM
Hello!

On Fri, Sep 21, 2012 at 05:22:14PM -0400, eiji-gravion wrote:

> Maxim Dounin Wrote:
> -------------------------------------------------------
> > Hello!
> >
> > On Tue, Sep 18, 2012 at 04:34:30AM -0400, eiji-gravion wrote:
> >
> > > Still curious about this, it would be nice to have a way to rotate
> > these
> > > keys without having to restart the server.
> >
> > Looking though OpenSSL code suggests keys are generated on SSL_CTX
> > creation (at least as of OpenSSL 1.0.1c, see SSL_CTX_new() in
> > ssl/ssl_lib.c), that is, they are rotated by nginx configuration
> > reload.
>
> Is this all that can be done?
>
> It just seems kind of hackish to need a cronjob set to do a configuration
> reload to rotate these keys.
>
> Would it be possible to have some type of configuration option that does
> this without a total config reload? Perhaps even a user-defined rotation
> time in minutes?

This is something you may suggest to OpenSSL folks, as nginx
doesn't do anything here. What we are talking about is OpenSSL's
default behaviour, without a single line of code on nginx side.

> This seems like a pretty important thing to have, most people who are
> running DH/ECDHE ciphersuites probably don't even realize that they aren't
> really getting forward secrecy...

This depends on how do you define "forward secrecy".

Certainly it won't be possible to decrypt past communications on
private key compromise, that is - secure destruction of disks with
old private keys isn't needed.

The bad thing which may happen with session tickets is a running
server takeover. This would theoretically allow to extract
current session ticket key from server's memory and decrypt past
sessions which used session tickets encrypted with the current
key. But this is quite a different from no forward secrecy at
all, as the key in question is more or less short-lived anyway.

It would be fine to have more control on the key lifetime instead
of relying on new key generation on server startup/configuration
reload. But someone has to actually implement this.

Maxim Dounin

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

proper setup for forward secrecy

eiji-gravion August 09, 2012 02:37PM

Re: proper setup for forward secrecy

Maxim Dounin August 10, 2012 05:08AM

Re: proper setup for forward secrecy

eiji-gravion August 10, 2012 05:42AM

Re: proper setup for forward secrecy

eiji-gravion September 18, 2012 04:34AM

Re: proper setup for forward secrecy

Maxim Dounin September 19, 2012 09:50AM

Re: proper setup for forward secrecy

eiji-gravion September 21, 2012 05:22PM

Re: proper setup for forward secrecy

Maxim Dounin September 24, 2012 10:42AM

Re: proper setup for forward secrecy

mastercan March 25, 2015 05:26PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 71
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready