Posted to dev@httpd.apache.org by Kaspar Brand <ht...@velox.ch> on 2011/12/07 10:55:03 UTC

Static TLS ticket keys (Re: svn commit: r1200040 - in /httpd/httpd/trunk: CHANGES modules/ssl/mod_ssl.c modules/ssl/ssl_engine_config.c modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_kernel.c modules/ssl/ssl_private.h)

On 20.11.2011 11:37, Kaspar Brand wrote:
> I see. What I don't completely understand yet, however, is the need /
> use case for keeping multiple decryption keys around per
> SSLSrvConfigRec. When switching to a new key (with a reload/restart),
> session tickets encrypted with the previous keys should no longer get
> decrypted - otherwise those sessions effectively become perpetual... or
> am I overlooking something?
> 
> I.e., could we just drop the SSLTicketKeyDefault directive and remove
> the "keyname" part from SSLTicketKeyFile, so that there's simply one
> ticket key (file) per SSLSrvConfigRec? That would make the configuration
> simpler, IMO.

Replying to myself (sorry), but this should be sorted out before 2.4.0,
IMO. Unless there are strong arguments for keeping the
multiple-decryption-keys-per-SSL-context feature, I think that this
option should be removed - i.e., only allow configuring one key per
vhost with the SSLTicketKeyFile directive (I can take care of that if no
one beats me to it).

The following post from Adam Langley might also be of interest in this
context - it summarizes Google's recent improvements in the HTTPS area:
http://www.imperialviolet.org/2011/11/22/forwardsecret.html (one of them
is about session tickets... and note that they do not use persistent
storage for these ephemeral keys).

Kaspar
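The point being argued above (that every decryption key kept in the ring extends the life of the tickets issued under it, so a single key per vhost plus rotation at reload is the simpler and safer option) can be made concrete with a small model. The following is an added example written for this archive page; it is not mod_ssl or OpenSSL code. It follows the ticket layout RFC 5077 recommends (key_name, IV, encrypted session state, MAC) but, to stay dependency-free, uses an HMAC-SHA256 keystream where a real implementation would use AES (an assumption made here, not a description of mod_ssl). The names `TicketKeyRing`, `max_keys`, `rotate` and `session_survives_rotations` are this example's own; `max_keys=1` models the one-key-per-vhost proposal and `max_keys>1` the multiple-decryption-keys feature under discussion. Keys are generated in memory only, as in the Google approach linked above.

```python
"""Model of TLS session-ticket key handling (RFC 5077 layout).  Added
example, not mod_ssl code; the HMAC keystream stands in for AES."""
import hashlib
import hmac
import os
import struct

KEY_NAME_LEN = 16   # RFC 5077 key_name
NONCE_LEN = 16      # IV in RFC 5077's recommended ticket structure
TAG_LEN = 32        # HMAC-SHA256 tag


class TicketKey:
    """One ticket key: a 16-byte name plus separate encryption and MAC secrets."""

    def __init__(self):
        self.name = os.urandom(KEY_NAME_LEN)
        self.enc_key = os.urandom(32)
        self.mac_key = os.urandom(32)


def _keystream(key, nonce, length):
    """CTR-style keystream from HMAC-SHA256 (assumption: stand-in for AES)."""
    blocks = [hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal_ticket(key, session_state):
    """Encrypt-then-MAC the serialized session state under `key`."""
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(key.enc_key, nonce, len(session_state))
    ciphertext = bytes(a ^ b for a, b in zip(session_state, ks))
    body = key.name + nonce + ciphertext
    return body + hmac.new(key.mac_key, body, hashlib.sha256).digest()


class TicketKeyRing:
    """keys[0] encrypts new tickets; every key still in the ring may decrypt.

    max_keys=1: a rotation makes every outstanding ticket undecryptable and
    clients fall back to a full handshake.  max_keys>1: tickets stay valid
    for as long as their key is retained, whatever lifetime the ticket carried.
    """

    def __init__(self, max_keys=1):
        self.max_keys = max_keys
        self.keys = [TicketKey()]

    @property
    def current(self):
        return self.keys[0]

    def rotate(self):
        """Fresh in-memory key (never written to disk); drop keys beyond max_keys."""
        self.keys.insert(0, TicketKey())
        del self.keys[self.max_keys:]

    def open_ticket(self, ticket):
        """Return the session state, or None if the ticket must be rejected."""
        if len(ticket) < KEY_NAME_LEN + NONCE_LEN + TAG_LEN:
            return None
        key = next((k for k in self.keys if k.name == ticket[:KEY_NAME_LEN]), None)
        if key is None:                      # issued under a key we no longer hold
            return None
        body, tag = ticket[:-TAG_LEN], ticket[-TAG_LEN:]
        expected = hmac.new(key.mac_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # tampered ticket
            return None
        nonce = body[KEY_NAME_LEN:KEY_NAME_LEN + NONCE_LEN]
        ciphertext = body[KEY_NAME_LEN + NONCE_LEN:]
        ks = _keystream(key.enc_key, nonce, len(ciphertext))
        return bytes(a ^ b for a, b in zip(ciphertext, ks))


def session_survives_rotations(max_keys, rotations):
    """Issue a ticket, rotate `rotations` times, report whether it still resumes."""
    ring = TicketKeyRing(max_keys=max_keys)
    # constructed stand-in for the serialized SSL_SESSION
    ticket = seal_ticket(ring.current, b"constructed session state: master secret")
    for _ in range(rotations):
        ring.rotate()
    return ring.open_ticket(ticket) is not None


def tampered_ticket_rejected():
    """A single flipped ciphertext bit must fail the MAC check."""
    ring = TicketKeyRing(max_keys=1)
    flipped = bytearray(seal_ticket(ring.current, b"constructed session state"))
    flipped[KEY_NAME_LEN + NONCE_LEN] ^= 0x01
    return ring.open_ticket(bytes(flipped)) is None


if __name__ == "__main__":
    print("single key, 1 rotation:", session_survives_rotations(1, 1))   # False
    print("3 keys, 2 rotations:   ", session_survives_rotations(3, 2))   # True
    print("3 keys, 3 rotations:   ", session_survives_rotations(3, 3))   # False
```

The third call is the case the mail is about: with three retained keys a ticket outlives two rotations, so the effective session lifetime is whatever the operator's key-retention window happens to be rather than the lifetime hint in the ticket. With `max_keys=1`, a reload or restart that loads a new key invalidates everything issued before it, which is the behaviour proposed for a single `SSLTicketKeyFile` per vhost.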