Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/tls: rotate session ticket keys #25256

Closed
FiloSottile opened this issue May 4, 2018 · 5 comments
Closed

crypto/tls: rotate session ticket keys #25256

FiloSottile opened this issue May 4, 2018 · 5 comments
Labels
FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done.
Milestone
Go1.15

Comments

@FiloSottile
Copy link
Contributor

When crypto/tls autogenerates session ticket keys, it should also automatically rotate them (with some window of overlap) for forward secrecy.

Split from #19199
@FiloSottile FiloSottile added the NeedsFix The path to resolution is known, but the work has not been done. label May 4, 2018
@FiloSottile FiloSottile added this to the Go1.12 milestone May 4, 2018
@andybons andybons modified the milestones: Go1.12, Go1.13 Feb 12, 2019
@andybons andybons modified the milestones: Go1.13, Go1.14 Jul 8, 2019
@FiloSottile
Copy link
Contributor Author

Let's do this, this is probably the biggest forward secrecy liability of a default crypto/tls server.

I am thinking of deprecating SessionTicketKey in favor of SetSessionTicketKeys, still randomizing it but not using it if it's zero and instead doing a periodic rotation, and of course still using it if set.

@rsc rsc modified the milestones: Go1.14, Backlog Oct 9, 2019
@FiloSottile FiloSottile modified the milestones: Backlog, Go1.15 Mar 31, 2020
@gopherbot
Copy link

Change https://golang.org/cl/230679 mentions this issue: crypto/tls: rotate session ticket keys

@gopherbot
Copy link

Change https://golang.org/cl/231317 mentions this issue: crypto/tls: rotate session keys

gopherbot pushed a commit that referenced this issue May 7, 2020
@katiehockman
crypto/tls: rotate session keys in older TLS versions
6ea19bb 
Also encode the certificates in a way that's more
consistent with TLS 1.3 (with a 24 byte length prefix).

Note that this will have an additional performance cost
requiring clients to do a full handshake every 7 days
where previously they were able to use the same ticket
indefinitely.

Updates #25256

Change-Id: Ic4d1ba0d92773c490b33b5f6c1320d557cc7347d
Reviewed-on: https://go-review.googlesource.com/c/go/+/231317
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
gopherbot pushed a commit that referenced this issue May 8, 2020
@katiehockman
crypto/tls: rotate session ticket keys
43f2f50 
Automatically rotate session ticket keys for servers
that don't already have sessionTicketKeys and that
haven't called SetSessionTicketKeys.

Now, session ticket keys will be rotated every 24 hours
with a lifetime of 7 days. This adds a small performance
cost to existing clients that don't provide a session
ticket encrypted with a fresh enough session ticket key,
which would require a full handshake.

Updates #25256

Change-Id: I15b46af7a82aab9a108bceb706bbf66243a1510f
Reviewed-on: https://go-review.googlesource.com/c/go/+/230679
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
@katiehockman
Copy link
Contributor

This has been fixed.

@marten-seemann marten-seemann mentioned this issue May 27, 2020
Open
@gopherbot
Copy link

Change https://golang.org/cl/235922 mentions this issue: crypto/tls: test that Clone copies session ticket key fields

gopherbot pushed a commit that referenced this issue Jun 3, 2020
@katiehockman
crypto/tls: test that Clone copies session ticket key fields
23dcee6 
Updates #25256

Change-Id: If16c42581f1cf3500fd7fd01c915e487f8025e55
Reviewed-on: https://go-review.googlesource.com/c/go/+/235922
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
@golang golang locked and limited conversation to collaborators Jun 1, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done.
Projects
None yet
Milestone
Go1.15
Development

No branches or pull requests
5 participants
@rsc @andybons @FiloSottile @gopherbot @katiehockman