Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/tls: Support for session ticket key rotation #9994

Closed
titanous opened this issue Feb 25, 2015 · 4 comments
Closed

crypto/tls: Support for session ticket key rotation #9994

titanous opened this issue Feb 25, 2015 · 4 comments
Labels
FrozenDueToAge
Milestone
Go1.5

Comments

@titanous
Copy link
Member

In order to rotate session ticket keys effectively, it is useful for the TLS server implementation to support accepting connections with tickets encrypted with previous key(s). Currently the server supports a single session ticket key, and it is not easy to rotate the key. Also, the server cannot be configured to accept tickets encrypted with old keys.

One solution to this is to add two optional fields to *tls.Config:

// GetSessionTicketKey returns the current session ticket key.
GetSessionTicketKey func(*ClientHelloInfo) ([32]byte, error)

// AllowPreviousSessionTicketKeys specifies the number of previous
// unique session ticket keys retrieved from GetSessionTicketKey that
// will be used to accept session tickets.
AllowPreviousSessionTicketKeys int

This way the server could cache n previous keys and when a session ticket using an old key is encountered it would send a new session ticket encrypted with the current key.

This is certainly not the only approach that could be taken, just a strawman proposal to start discussion.

/cc @agl
@rsc
Copy link
Contributor

rsc commented Apr 10, 2015

Adam, thoughts?

@rsc rsc added this to the Go1.5Maybe milestone Apr 10, 2015
@agl agl self-assigned this Apr 12, 2015
@agl agl modified the milestones: Unplanned, Go1.5Maybe Apr 12, 2015
@agl
Copy link
Contributor

agl commented Apr 12, 2015

This is a reasonable request for larger sites. However, I don't expect that it'll make 1.5.

Since this will require a lock in the Config structure, I initially think that it might be best supported by a function: tls.Config.SetSessionTicketKeys([][32]byte) where the first element in the slice is the 'current' key and all the others are candidates.

@titanous
Copy link
Member Author

https://go-review.googlesource.com/9072

@gopherbot
Copy link

CL https://golang.org/cl/9072 mentions this issue.

@agl agl closed this as completed in bff1417 Apr 26, 2015
@mikioh mikioh modified the milestones: Go1.5, Unplanned May 15, 2015
@jbeda jbeda mentioned this issue Oct 15, 2015
Closed
@golang golang locked and limited conversation to collaborators Aug 8, 2016
FiloSottile pushed a commit to FiloSottile/go that referenced this issue Oct 12, 2018
@titanous @agl
crypto/tls: add support for session ticket key rotation
7576470 
This change adds a new method to tls.Config, SetSessionTicketKeys, that
changes the key used to encrypt session tickets while the server is
running. Additional keys may be provided that will be used to maintain
continuity while rotating keys. If a ticket encrypted with an old key is
provided by the client, the server will resume the session and provide
the client with a ticket encrypted using the new key.

Fixes golang#9994

Change-Id: Idbc16b10ff39616109a51ed39a6fa208faad5b4e
Reviewed-on: https://go-review.googlesource.com/9072
Reviewed-by: Jonathan Rudenberg <jonathan@titanous.com>
Reviewed-by: Adam Langley <agl@golang.org>
FiloSottile pushed a commit to FiloSottile/go that referenced this issue Oct 12, 2018
@titanous @agl
crypto/tls: add support for session ticket key rotation
03a329f 
This change adds a new method to tls.Config, SetSessionTicketKeys, that
changes the key used to encrypt session tickets while the server is
running. Additional keys may be provided that will be used to maintain
continuity while rotating keys. If a ticket encrypted with an old key is
provided by the client, the server will resume the session and provide
the client with a ticket encrypted using the new key.

Fixes golang#9994

Change-Id: Idbc16b10ff39616109a51ed39a6fa208faad5b4e
Reviewed-on: https://go-review.googlesource.com/9072
Reviewed-by: Jonathan Rudenberg <jonathan@titanous.com>
Reviewed-by: Adam Langley <agl@golang.org>
@rsc rsc unassigned agl Jun 23, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
Go1.5
Development

No branches or pull requests
5 participants
@titanous @agl @mikioh @rsc @gopherbot