[ https://issues.apache.org/jira/browse/TS-3301?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14280597#comment-14280597 ]
ASF subversion and git services commented on TS-3301:
-----------------------------------------------------
Commit d90560495a6e17ec1ff9f6577458a085f1572c6f in trafficserver's branch
refs/heads/master from [~bzeng]
[ https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;h=d905604 ]
TS-3301: improved TLS ticket rotation support
We all know that it is bad security practice to use the same
password/key all the time. This project tries to rotate TLS session
ticket keys periodically. When an admin runs "traffic_line -x" after
a new ticket key is put in the key file ssl_ticket.key, an event
will be generated and ATS will reconfigure SSL. The keys are all read
in at the same time and the first entry is the most recent key.
A new key is assumed to be put at the beginning of the ssl_ticket.key
file and an old key is chopped off from the end of the file.
> TLS ticket rotation
> -------------------
>
> Key: TS-3301
> URL: https://issues.apache.org/jira/browse/TS-3301
> Project: Traffic Server
> Issue Type: New Feature
> Components: Core, SSL
> Reporter: Brian Geffon
> Assignee: James Peach
> Fix For: 5.3.0
>
> Attachments: traffic_line_rotation_6.diff
>
>
> We all know that it is bad security practice to use the same password/key all
> the time. This project tries to rotate TLS session ticket keys periodically.
> When an admin runs "traffic_line -x" after a new ticket key is put in the key
> file ssl_ticket.key, an event will be generated and ATS will reconfigure SSL.
> The keys are all read in at the same time and the first entry is the most
> recent key. A new key is assumed to be put at the beginning of the
> ssl_ticket.key file and an old key is chopped off from the end of the file.
> Author: Bin Zeng <[email protected]>
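The rotation step the commit message describes (new key at the front of ssl_ticket.key, oldest key dropped from the end, then "traffic_line -x"), as an added shell example that is not part of the commit or of Traffic Server. The 48-byte key length, the function name `rotate_ticket_keys` and the path in the usage comment are assumptions.

```shell
# Added example, not Traffic Server code.
# Assumption: one ticket key is 48 raw bytes in ssl_ticket.key.
KEY_LEN=48

# rotate_ticket_keys FILE MAX_KEYS
# Prepend one fresh random key, keep only the newest MAX_KEYS keys, and
# replace FILE with a rename so a reload never reads a half-written file.
# The body is a subshell, so its variables and EXIT trap stay local.
rotate_ticket_keys() (
    file=$1
    max_keys=$2
    case $max_keys in
        ''|*[!0-9]*|0) echo "MAX_KEYS must be a positive integer" >&2; exit 2 ;;
    esac

    # mktemp creates the file with mode 0600, in the same directory as FILE
    # so that the final mv is a rename within one filesystem.
    tmp=$(mktemp "$(dirname -- "$file")/.ticket.XXXXXX") || exit 1
    trap 'rm -f -- "$tmp"' EXIT

    # Newest key goes first.
    head -c "$KEY_LEN" /dev/urandom > "$tmp" || exit 1

    if [ -f "$file" ]; then
        size=$(wc -c < "$file")
        # Refuse to rotate a file that is not a whole number of keys.
        if [ $((size % KEY_LEN)) -ne 0 ]; then
            echo "$file: size $size is not a multiple of $KEY_LEN" >&2
            exit 1
        fi
        # Existing keys follow the new one; the oldest falls off the end.
        if [ "$max_keys" -gt 1 ]; then
            head -c $(( (max_keys - 1) * KEY_LEN )) "$file" >> "$tmp" || exit 1
        fi
    fi

    chmod 600 "$tmp" && mv -f -- "$tmp" "$file"
)

# Usage (placeholder path), followed by the reload named in the commit message:
#   rotate_ticket_keys /path/to/ssl_ticket.key 3 && traffic_line -x
```

Keeping more than one key in the file lets tickets issued under the previous key still be accepted until that key reaches the end and is dropped.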