Page MenuHomePhabricator

ATS TLS session cache efficiency reduced in TLSv1.3
Closed, ResolvedPublic

Description

As seen on T245419, ATS is able to resume a TLSv1.3 session using stateful tickets, but it doesn't mean that it's able to do it in an effective manner.

ATS doesn't set the number of tickets to be issued at any point (SSL_CTX_set_num_tickets / SSL_set_num_tickets). Hence the default OpenSSL values are being used: 2 tickets for a new session and 1 ticket for a reused session.

This combined with using stateful tickets (SSL_OP_NO_TICKET for TLSv1.3), triggers two inserts on the session cache every time that a new TLS session is created and one session every time that it's reused.

openssl new session
$ openssl s_client -tls1_3 -connect 127.0.0.1:443 2>&1 < /dev/null |fgrep -A 2 "TLS session ticket:"
    TLS session ticket:
    0000 - 1b ba ba 15 6b fc 07 7e-6b f2 36 07 f5 72 d2 60   ....k..~k.6..r.`
    0010 - 3e c7 9f 47 e4 ba 62 cd-44 01 66 61 2b f3 4f 85   >..G..b.D.fa+.O.
--
    TLS session ticket:
    0000 - fc da db c1 c8 14 02 63-f8 81 63 c8 8d 99 fe 24   .......c..c....$
    0010 - d6 33 38 b1 2c 95 cd 5f-ad 9a e9 5e bb dd fb 9e   .38.,.._...^....

and ATS debug ssl debug log notifies two insertions on the session cache (one per ticket):

ATS new session
$ sudo -i journalctl -u trafficserver-tls --since="5min ago" |grep -i "Inserting session"
Feb 18 12:23:19 traffic-cache-atstext-buster traffic_manager[333]: [Feb 18 12:23:19.900] {0x7fd812fee700} DEBUG: <SSLSessionCache.cc:108 (insertSession)> (ssl.session_cache.insert) SessionCache using bucket 324 (0x7fd811d2b898): Inserting session '1BBABA156BFC077E6BF23607F572D2603EC79F47E4BA62CD440166612BF34F85' (hash: 854FF32B61660144).
Feb 18 12:23:19 traffic-cache-atstext-buster traffic_manager[333]: [Feb 18 12:23:19.900] {0x7fd812fee700} DEBUG: <SSLSessionCache.cc:127 (insertSession)> (ssl.session_cache) Inserting session '1BBABA156BFC077E6BF23607F572D2603EC79F47E4BA62CD440166612BF34F85' to bucket 0x7fd811d2b898.
Feb 18 12:23:19 traffic-cache-atstext-buster traffic_manager[333]: [Feb 18 12:23:19.900] {0x7fd812fee700} DEBUG: <SSLSessionCache.cc:108 (insertSession)> (ssl.session_cache.insert) SessionCache using bucket 6829 (0x7fd811d5e5b8): Inserting session 'FCDADBC1C8140263F88163C88D99FE24D63338B12C95CD5FAD9AE95EBBDDFB9E' (hash: 9EFBDDBB5EE99AAD).
Feb 18 12:23:19 traffic-cache-atstext-buster traffic_manager[333]: [Feb 18 12:23:19.900] {0x7fd812fee700} DEBUG: <SSLSessionCache.cc:127 (insertSession)> (ssl.session_cache) Inserting session 'FCDADBC1C8140263F88163C88D99FE24D63338B12C95CD5FAD9AE95EBBDDFB9E' to bucket 0x7fd811d5e5b8.

If a session is successfully reused, ATS emits one ticket, triggering another write on the session cache:

openssl reused session
$ openssl sess_id -in /tmp/sess -text -noout |fgrep -A 2 "TLS session ticket:"
    TLS session ticket:
    0000 - 72 41 c7 a7 c1 4c cb 00-27 8b a0 8d b3 7f 89 7c   rA...L..'......|
    0010 - 9f 64 f9 95 33 84 3d f2-be bd 3a 02 c5 d4 cb 13   .d..3.=...:.....
$ openssl s_client -tls1_3 -connect 127.0.0.1:443 -sess_in /tmp/sess 2>&1 < /dev/null |egrep -A 2 "(Reused|TLS session ticket:)"
Reused, TLSv1.3, Cipher is TLS_CHACHA20_POLY1305_SHA256
Server public key is 256 bit
Secure Renegotiation IS NOT supported
--
    TLS session ticket:
    0000 - 28 08 5a 9e c4 66 94 1f-8a a3 de 82 45 9e 6a dc   (.Z..f......E.j.
    0010 - 67 64 41 6e 3c dc 13 84-ef ee a1 9f dd 78 bd 21   gdAn<........x.!
ATS reused session
Feb 18 12:27:04 traffic-cache-atstext-buster traffic_manager[333]: [Feb 18 12:27:04.727] {0x7fd812fee700} DEBUG: <SSLSessionCache.cc:71 (getSession)> (ssl.session_cache.get) SessionCache looking in bucket 15806 (0x7fd811da47d8) for session '7241C7A7C14CCB00278BA08DB37F897C9F64F99533843DF2BEBD3A02C5D4CB13' (hash: 13CBD4C5023ABDBE).
Feb 18 12:27:04 traffic-cache-atstext-buster traffic_manager[333]: [Feb 18 12:27:04.727] {0x7fd812fee700} DEBUG: <SSLSessionCache.cc:223 (getSession)> (ssl.session_cache) Looking for session with id '7241C7A7C14CCB00278BA08DB37F897C9F64F99533843DF2BEBD3A02C5D4CB13' in bucket 0x7fd811da47d8
Feb 18 12:27:04 traffic-cache-atstext-buster traffic_manager[333]: [Feb 18 12:27:04.730] {0x7fd812fee700} DEBUG: <SSLSessionCache.cc:108 (insertSession)> (ssl.session_cache.insert) SessionCache using bucket 28399 (0x7fd811e06df8): Inserting session '28085A9EC466941F8AA3DE82459E6ADC6764416E3CDC1384EFEEA19FDD78BD21' (hash: 21BD78DD9FA1EEEF).
Feb 18 12:27:04 traffic-cache-atstext-buster traffic_manager[333]: [Feb 18 12:27:04.730] {0x7fd812fee700} DEBUG: <SSLSessionCache.cc:127 (insertSession)> (ssl.session_cache) Inserting session '28085A9EC466941F8AA3DE82459E6ADC6764416E3CDC1384EFEEA19FDD78BD21' to bucket 0x7fd811e06df8.

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 18 2020, 12:50 PM
Vgutierrez renamed this task from ATS session cache efficiency reduced in TLSv1.3 to ATS TLS session cache efficiency reduced in TLSv1.3.Feb 18 2020, 12:51 PM
Vgutierrez triaged this task as Medium priority.
Vgutierrez updated the task description. (Show Details)Feb 18 2020, 12:55 PM
Vgutierrez moved this task from Triage to TLS on the Traffic board.Feb 19 2020, 1:14 PM

This has been mitigated by providing support for TLS Session Tickets (T245616) and reducing the number of issued tickets on new connections from 2 to 1 by submitting this patch to ATS: https://github.com/apache/trafficserver/pull/6424.

Regarding tickets on reused connections, that's recommended by RFC 8446:

C.4. Client Tracking Prevention

Clients SHOULD NOT reuse a ticket for multiple connections. Reuse of
a ticket allows passive observers to correlate different connections.
Servers that issue tickets SHOULD offer at least as many tickets as
the number of connections that a client might use; for example, a web
browser using HTTP/1.1 [RFC7230] might open six connections to a
server. Servers SHOULD issue new tickets with every connection.
This ensures that clients are always able to use a new ticket when
creating a new connection.