Page MenuHomePhabricator

HTTPS RFC5077 session tickets encryption key rollovers
Closed, DuplicatePublic


We should use nginx's newly-supported feature (plus scripts we should write) to perform staggered master encryption key rollovers for RFC 5077 session tickers.

Event Timeline

faidon raised the priority of this task from to High.
faidon updated the task description. (Show Details)
faidon added subscribers: Aklapper, faidon, mark, BBlack.
BBlack claimed this task.

For the time being, we've decided to simply disable RFC5077 session tickets in the new jessie setup, as we're using client IP hashing for session id resumption, and it sidesteps the whole issue of the affect of RFC5077 on PFS.

As part of the change for this ( ), we implemented a cronjob to roll over the keys in a simple manner on the legacy boxes (as tickets can't be disabled there), so closing this issue for now. We can raise a new issue if/when we decide to re-architect our scalability around RFC5077 mechanisms at a later date.

Re-opening this. Current thinking is we will eventually do this, and it's do-able with our current software stack. Just requires some engineering effort on secure distribution and synchronized rotation of a set of randomly-generated keys...

BBlack lowered the priority of this task from High to Medium.Aug 7 2015, 1:44 PM
BBlack edited projects, added Traffic; removed HTTPS-by-default.
BBlack set Security to None.

We still haven't had time to work on doing this "right". Most likely the effort is better invested doing similar things on the TLSv1.3 side at this point, rather than trying to tack on RFC5077 for TLSv1.2.