Re: [PATCH] SSL: always renewing tickets with TLSv1.3 (ticket #1892)

Sergey Kandaurov
January 24, 2022 07:38AM
> On 21 Jan 2022, at 06:57, Maxim Dounin <mdounin@mdounin.ru> wrote:
>
> # HG changeset patch
> # User Maxim Dounin <mdounin@mdounin.ru>
> # Date 1642737110 -10800
> # Fri Jan 21 06:51:50 2022 +0300
> # Node ID cff51689a4a182cb11cba2eb9303e2bc21815432
> # Parent 96ae8e57b3dd1b10f29d3060bbad93b7f9357b92
> SSL: always renewing tickets with TLSv1.3 (ticket #1892).
>
> Chrome only use TLS session tickets once with TLS 1.3, likely following

uses?

> RFC 8446 Appendix C.4 recommendation.

Besides that, there's a study [1] that discusses 3rd-party
tracking via session resumption. Although improvements
in TLS 1.3 that provide different PSK identities in session
tickets are used to protect against correlation by a passive
observer, the study suggests completely deactivating TLS 1.3
session resumption for privacy reasons.

This might also be due to 0-RTT Anti-Replay guidance in case
the selection from available tickets is agnostic to 0-RTT.
Practical analysis in [2] demonstrates that Chrome(ium) indeed
selects among tickets never used before. It doesn't make a clear
separation, though, whether this depends on sending 0-RTT.

[1] https://arxiv.org/abs/1810.07304
[2] "A Survey of TLS 1.3 0-RTT Usage", Mihael Liskij

> With OpenSSL, this works fine with
> built-in session tickets, since these are explicitly renewed in case of
> TLS 1.3 on each session reuse, but results in only two connections being
> reused after an initial handshake when using ssl_session_ticket_key.
>
> Fix is to always renew TLS session tickets in case of TLS 1.3 when using
> ssl_session_ticket_key, similarly to how it is done by OpenSSL internally.
>
> diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
> --- a/src/event/ngx_event_openssl.c
> +++ b/src/event/ngx_event_openssl.c
> @@ -4448,7 +4448,21 @@ ngx_ssl_session_ticket_key_callback(ngx_
> return -1;
> }
>
> - return (i == 0) ? 1 : 2 /* renew */;
> + /* renew if TLSv1.3 */
> +
> +#ifdef TLS1_3_VERSION
> + if (SSL_version(ssl_conn) == TLS1_3_VERSION) {
> + return 2;
> + }
> +#endif
> +
> + /* renew if non-default key */
> +
> + if (i != 0) {
> + return 2;
> + }
> +
> + return 1;
> }
> }
>
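Review bot: the new `/* renew if TLSv1.3 */` comment says what the branch does but not why, and because the whole branch disappears under `#ifdef TLS1_3_VERSION` on older builds, a reader of the code alone cannot tell that unconditionally returning 2 is compensating for clients that treat TLS 1.3 tickets as single-use (RFC 8446 Appendix C.4), which only the commit message explains. Suggest carrying that rationale into the comment, e.g. `/* renew if TLSv1.3: clients use each ticket only once, see RFC 8446 C.4 */`. Worth stating in the commit message as well that the `return 1` (accept without renewal) path is now reachable only for pre-TLSv1.3 connections decrypted with the default key (`i == 0`), so those connections keep exactly the previous `(i == 0) ? 1 : 2` result and the behavioural change is confined to TLSv1.3.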

Looks good.

--
Sergey Kandaurov

_______________________________________________
nginx-devel mailing list -- nginx-devel@nginx.org
To unsubscribe send an email to nginx-devel-leave@nginx.org