New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto/tls: Support for session ticket key rotation #9994
Comments
Adam, thoughts? |
This is a reasonable request for larger sites. However, I don't expect that it'll make 1.5. Since this will require a lock in the Config structure, I initially think that it might be best supported by a function: tls.Config.SetSessionTicketKeys([][32]byte) where the first element in the slice is the 'current' key and all the others are candidates. |
CL https://golang.org/cl/9072 mentions this issue. |
This change adds a new method to tls.Config, SetSessionTicketKeys, that changes the key used to encrypt session tickets while the server is running. Additional keys may be provided that will be used to maintain continuity while rotating keys. If a ticket encrypted with an old key is provided by the client, the server will resume the session and provide the client with a ticket encrypted using the new key. Fixes golang#9994 Change-Id: Idbc16b10ff39616109a51ed39a6fa208faad5b4e Reviewed-on: https://go-review.googlesource.com/9072 Reviewed-by: Jonathan Rudenberg <jonathan@titanous.com> Reviewed-by: Adam Langley <agl@golang.org>
This change adds a new method to tls.Config, SetSessionTicketKeys, that changes the key used to encrypt session tickets while the server is running. Additional keys may be provided that will be used to maintain continuity while rotating keys. If a ticket encrypted with an old key is provided by the client, the server will resume the session and provide the client with a ticket encrypted using the new key. Fixes golang#9994 Change-Id: Idbc16b10ff39616109a51ed39a6fa208faad5b4e Reviewed-on: https://go-review.googlesource.com/9072 Reviewed-by: Jonathan Rudenberg <jonathan@titanous.com> Reviewed-by: Adam Langley <agl@golang.org>
In order to rotate session ticket keys effectively, it is useful for the TLS server implementation to support accepting connections with tickets encrypted with previous key(s). Currently the server supports a single session ticket key, and it is not easy to rotate the key. Also, the server cannot be configured to accept tickets encrypted with old keys.
One solution to this is to add two optional fields to
*tls.Config
:This way the server could cache n previous keys and when a session ticket using an old key is encountered it would send a new session ticket encrypted with the current key.
This is certainly not the only approach that could be taken, just a strawman proposal to start discussion.
/cc @agl
The text was updated successfully, but these errors were encountered: