> On 21 Jan 2022, at 06:57, Maxim Dounin <[email protected]> wrote:
> 
> # HG changeset patch
> # User Maxim Dounin <[email protected]>
> # Date 1642737110 -10800
> #      Fri Jan 21 06:51:50 2022 +0300
> # Node ID cff51689a4a182cb11cba2eb9303e2bc21815432
> # Parent  96ae8e57b3dd1b10f29d3060bbad93b7f9357b92
> SSL: always renewing tickets with TLSv1.3 (ticket #1892).
> 
> Chrome only use TLS session tickets once with TLS 1.3, likely following

uses ?

> RFC 8446 Appendix C.4 recommendation.

Besides that, there's a study [1] that discusses 3rd-party tracking via
session resumption. Although improvements in TLS 1.3 that provide
different PSK identities in session tickets are used to protect against
correlation by a passive observer, the study suggests completely
deactivating TLS 1.3 session resumption for privacy reasons. This might
also be due to 0-RTT Anti-Replay guidance in case the selection from
available tickets is agnostic to 0-RTT. Practical analysis in [2]
demonstrates that Chrome(ium) indeed selects among tickets never used
before. It doesn't make a clear separation, though, whether this depends
on sending 0-RTT.

[1] https://arxiv.org/abs/1810.07304
[2] "A Survey of TLS 1.3 0-RTT Usage", Mihael Liskij

> With OpenSSL, this works fine with
> built-in session tickets, since these are explicitly renewed in case of
> TLS 1.3 on each session reuse, but results in only two connections being
> reused after an initial handshake when using ssl_session_ticket_key.
> 
> Fix is to always renew TLS session tickets in case of TLS 1.3 when using
> ssl_session_ticket_key, similarly to how it is done by OpenSSL internally.
> 
> diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
> --- a/src/event/ngx_event_openssl.c
> +++ b/src/event/ngx_event_openssl.c
> @@ -4448,7 +4448,21 @@ ngx_ssl_session_ticket_key_callback(ngx_
>              return -1;
>          }
>  
> -        return (i == 0) ? 1 : 2 /* renew */;
> +        /* renew if TLSv1.3 */
> +
> +#ifdef TLS1_3_VERSION
> +        if (SSL_version(ssl_conn) == TLS1_3_VERSION) {
> +            return 2;
> +        }
> +#endif
> +
> +        /* renew if non-default key */
> +
> +        if (i != 0) {
> +            return 2;
> +        }
> +
> +        return 1;
>      }
>  }

Looks good.

-- 
Sergey Kandaurov

_______________________________________________
nginx-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
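Review bot: the "renew if non-default key" branch (if (i != 0) return 2;) is unreachable for TLSv1.3, because the SSL_version() check above it has already returned 2, so that comment should say it covers TLSv1.2 and earlier only, e.g. "/* renew if non-default key (TLSv1.2 and earlier) */"; the commit message could likewise spell out that the only behavioural change is the i == 0 case under TLSv1.3, since the removed "return (i == 0) ? 1 : 2 /* renew */" already renewed for non-default keys. The #ifdef TLS1_3_VERSION guard correctly keeps the new check out of builds whose OpenSSL predates TLSv1.3, and the TLSv1.2 path keeps its old result, so no regression there.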
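To verify the effect of the patch against a running server, here is an added shell example (it is not part of the patch or of this thread) that does with openssl s_client what the commit message describes Chrome doing: a full handshake, then resumptions in which each ticket is used exactly once, checking after every resumption whether the server handed out fresh tickets. It assumes openssl s_client from OpenSSL 1.1.1 or later on PATH and an HTTPS server that closes the connection after an HTTP/1.0 request; the "Post-Handshake New Session Ticket arrived" and "Reused, TLSv1.3, Cipher is" lines are what s_client prints in those situations. The sample outputs embedded in the block are constructed, so the classification can be exercised offline; the hostname in the usage note is a placeholder.

```shell
#!/bin/sh
# Added example, not from the nginx patch or the nginx-devel thread.
# Checks whether a TLSv1.3 server issues fresh session tickets on each
# resumption, which is what a single-use-ticket client (Chrome) needs in
# order to keep resuming. Assumes: openssl s_client (OpenSSL >= 1.1.1) on
# PATH, and a server that closes the connection after an HTTP/1.0 request.

# Number of NewSessionTicket messages s_client reported in an output file.
count_new_tickets() {
    grep -c 'Post-Handshake New Session Ticket arrived' "$1" || true
}

# Succeeds when the s_client summary line says the session was reused.
was_resumed() {
    grep -q '^Reused, TLSv1.3, Cipher is' "$1"
}

# verdict RESUME_OUT: classify one resumption attempt. Prints one of:
#   renews       resumed and received new tickets (what the patch produces)
#   no-renew     resumed, but no new tickets (the symptom the commit fixes)
#   not-resumed  the saved session was not accepted at all
verdict() {
    if ! was_resumed "$1"; then
        echo not-resumed
    elif [ "$(count_new_tickets "$1")" -gt 0 ]; then
        echo renews
    else
        echo no-renew
    fi
}

# connect_once HOST PORT OUT SESS_OUT [SESS_IN]: one s_client run that
# saves the ticket it receives to SESS_OUT and, if SESS_IN is given,
# tries to resume from it. HTTP/1.0 makes the server close the connection,
# and -ign_eof keeps s_client reading until it does, so the post-handshake
# tickets are actually received.
connect_once() {
    host=$1 port=$2 out=$3 sess_out=$4 sess_in=$5
    set -- -connect "$host:$port" -servername "$host" -tls1_3 -ign_eof \
           -sess_out "$sess_out"
    [ -n "$sess_in" ] && set -- "$@" -sess_in "$sess_in"
    printf 'GET / HTTP/1.0\r\nHost: %s\r\n\r\n' "$host" \
        | openssl s_client "$@" >"$out" 2>/dev/null || true
}

# probe HOST [PORT]: full handshake, then two chained single-use resumptions.
probe() {
    host=$1 port=${2:-443}
    tmp=$(mktemp -d)
    connect_once "$host" "$port" "$tmp/out0" "$tmp/sess0"
    echo "full handshake: $(count_new_tickets "$tmp/out0") ticket(s) received"
    connect_once "$host" "$port" "$tmp/out1" "$tmp/sess1" "$tmp/sess0"
    echo "first resumption: $(verdict "$tmp/out1")"
    if [ -f "$tmp/sess1" ]; then
        connect_once "$host" "$port" "$tmp/out2" "$tmp/sess2" "$tmp/sess1"
        echo "second resumption: $(verdict "$tmp/out2")"
    else
        echo "second resumption: no fresh ticket left to resume with"
    fi
    rm -rf "$tmp"
}

# Constructed samples of the s_client lines the functions above look at.
SAMPLE_FULL='New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Post-Handshake New Session Ticket arrived:
Post-Handshake New Session Ticket arrived:'
SAMPLE_RESUMED_RENEWED='Reused, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Post-Handshake New Session Ticket arrived:
Post-Handshake New Session Ticket arrived:'
SAMPLE_RESUMED_STALE='Reused, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384'

# demo_offline: classify the constructed samples without any network access.
demo_offline() {
    tmp=$(mktemp -d)
    printf '%s\n' "$SAMPLE_RESUMED_RENEWED" >"$tmp/renewed"
    printf '%s\n' "$SAMPLE_RESUMED_STALE" >"$tmp/stale"
    echo "patched server (sample):   $(verdict "$tmp/renewed")"
    echo "unpatched server (sample): $(verdict "$tmp/stale")"
    rm -rf "$tmp"
}

if [ "$#" -ge 1 ]; then
    probe "$@"
else
    demo_offline
fi
```

Run it as "sh check_ticket_renewal.sh example.com 443" (placeholder host). A server running the patched callback with ssl_session_ticket_key reports "renews" for both resumptions; the pre-patch behaviour the commit message describes shows "no-renew" on the first resumption and then no fresh ticket for the second, which is exactly the point at which a single-use-ticket client falls back to a full handshake.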
