We should use nginx's newly-supported feature (plus scripts we should write) to perform staggered master encryption key rollovers for RFC 5077 session tickers.
|Duplicate||BBlack||T86671 HTTPS RFC5077 session tickets encryption key rollovers|
|Resolved||BBlack||T86648 Upgrade all HTTP frontends to Debian jessie|
|Resolved||BBlack||T88996 jessie kernel vm subsystem issues for upload caches|
For the time being, we've decided to simply disable RFC5077 session tickets in the new jessie setup, as we're using client IP hashing for session id resumption, and it sidesteps the whole issue of the affect of RFC5077 on PFS.
As part of the change for this ( https://gerrit.wikimedia.org/r/#/c/189613/ ), we implemented a cronjob to roll over the keys in a simple manner on the legacy boxes (as tickets can't be disabled there), so closing this issue for now. We can raise a new issue if/when we decide to re-architect our scalability around RFC5077 mechanisms at a later date.
Re-opening this. Current thinking is we will eventually do this, and it's do-able with our current software stack. Just requires some engineering effort on secure distribution and synchronized rotation of a set of randomly-generated keys...
We still haven't had time to work on doing this "right". Most likely the effort is better invested doing similar things on the TLSv1.3 side at this point, rather than trying to tack on RFC5077 for TLSv1.2.