On 3/24/26 12:10 AM, Mykola Yurchenko via dev wrote:
> ovsdb-server's SSL context does not call SSL_CTX_set_session_id_context().
> When a TLS client attempts session resumption, by sending a cached
> session ticket, OpenSSL rejects it with:
> 
>   SSL_accept: error:0A000115:SSL routines::session id context uninitialized
> 
> Per SSL_CTX_set_session_id_context(3):
> 
>   "If the session id context is not set on an SSL/TLS server and client
>    certificates are used, stored sessions will not be reused but a fatal
>    error will be flagged and the handshake will fail."
> 
> This patch calls SSL_CTX_set_session_id_context() to fix the issue.
> 
> Signed-off-by: Mykola Yurchenko <[email protected]>
> ---

Hi, Mykola.  Thanks for the patch!  See some comments below.

>  AUTHORS.rst      | 1 +
>  lib/stream-ssl.c | 3 +++
>  2 files changed, 4 insertions(+)
> 
> diff --git a/AUTHORS.rst b/AUTHORS.rst
> index 037851ad1..8bb716739 100644
> --- a/AUTHORS.rst
> +++ b/AUTHORS.rst
> @@ -362,6 +362,7 @@ Miro Tomaska                       [email protected]
>  Mohammad Heib                      [email protected]
>  Moshe Levi                         [email protected]
>  Murphy McCauley                    [email protected]
> +Mykola Yurchenko                   [email protected]
>  Natasha Gude
>  Neal Shrader                       [email protected]
>  Neil McKee                         [email protected]

nit: There is no need to include the AUTHORS update in the patch, maintainers
will handle this.

> diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c
> index c8eb26b2a..c573479f2 100644
> --- a/lib/stream-ssl.c
> +++ b/lib/stream-ssl.c
> @@ -1080,6 +1080,9 @@ do_ssl_init(void)
>      SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | 
> SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
>                         NULL);
>      SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
> +
> +    /* Required by SSL_CTX_set_session_id_context(3) when SSL_VERIFY_PEER is 
> set. */

As the bot noted, this line is a little too long.  The standard limit is 79.
Also, I'm not sure this is fully accurate, and may be a little confusing.
The man page doesn't say that explicitly.  And the main reason for this call
is to enable session resumption.  That's what the comment should be talking
about.  May also be worth noting here that while the session cache is disabled
on the previous line, OpenSSL still requires session id context for session
ticket validation, which is enabled.

> +    SSL_CTX_set_session_id_context(ctx, (const unsigned char *)"ovs", 3);
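
Review bot: the added SSL_CTX_set_session_id_context() call passes the length
as a literal 3 next to the literal "ovs" and ignores the return value.  The
function returns 0 when the length exceeds SSL_MAX_SID_CTX_LENGTH (32 bytes),
so if the context is later built from something longer or variable, the call
can fail without any indication.  Consider keeping the context in a named
buffer, taking the length from that buffer, and checking the result.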

I'd suggest we mix in the VERSION here.  Seems like a good practice to do so.

May also add an empty line here.

A somewhat more important thing here, however: Today, resumption is practically
not possible, due to the cache being disabled and the context id not being set,
so every connection is always using up-to-date key material.  If we configure
the session id context, then the session ticket mechanism will be available
to the clients.  The resumption process uses the data from the cached ticket.
After the certificate/key rotation, the resumed session will keep using the
secrets derived from the old certificate and the key.  In case the private
key was compromised, rotated and the re-connection forced, the clients will
resume their compromised connections and will not re-negotiate using the
new key material.  So, if we're going to enable resumption, we must also
flush the sessions on cert/key rotation.  One way to do that is to change
the session id context, e.g. by updating it with a sequence number.

An alternative is to just turn off the tickets with SSL_OP_NO_TICKET, similarly
to how we disable the session cache.  Might be simpler, and doesn't require
much thinking about key rotations and other possible attack vectors.

Best regards, Ilya Maximets.
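
The rotation idea from the reply above, sketched as an added example (not part of the thread and not OVS code): a hypothetical helper, build_sid_ctx(), derives the session id context from a version string and a rotation counter while staying within OpenSSL's 32-byte limit, so the value changes on every certificate/key reload. The version string and counter values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* OpenSSL's SSL_MAX_SID_CTX_LENGTH, repeated so this builds without it. */
#define SID_CTX_MAX 32

/* Hypothetical helper, not OVS code.  Writes "<seq as 8 hex digits>:ovs
 * <version>" to 'ctx', cut to SID_CTX_MAX bytes.  The counter comes first so
 * a long version string cannot push it out.  Returns the bytes written. */
static size_t
build_sid_ctx(unsigned char ctx[SID_CTX_MAX], const char *version,
              uint32_t rotation_seq)
{
    char buf[SID_CTX_MAX + 1];
    int n = snprintf(buf, sizeof buf, "%08x:ovs %s",
                     (unsigned int) rotation_seq, version);
    size_t len = n < 0 ? 0 : (size_t) n;

    if (len > SID_CTX_MAX) {
        len = SID_CTX_MAX;          /* snprintf() truncated the version. */
    }
    memcpy(ctx, buf, len);
    return len;
}

/* Returns 1 if the context built for 'old_seq' is byte-identical to the one
 * built for 'new_seq', i.e. a session bound to the old context would still
 * match after the counter moved. */
static int
sid_ctx_survives_rotation(const char *version, uint32_t old_seq,
                          uint32_t new_seq)
{
    unsigned char a[SID_CTX_MAX], b[SID_CTX_MAX];
    size_t la = build_sid_ctx(a, version, old_seq);
    size_t lb = build_sid_ctx(b, version, new_seq);
    return la == lb && !memcmp(a, b, la);
}

int main(void)
{
    unsigned char sid[SID_CTX_MAX];
    size_t len = build_sid_ctx(sid, "3.5.0", 1);    /* Constructed values. */
    /* The server would pass (sid, len) to SSL_CTX_set_session_id_context()
     * and repeat that with the next counter after each cert/key reload. */
    printf("%.*s (%zu bytes)\n", (int) len, (const char *) sid, len);
    return sid_ctx_survives_rotation("3.5.0", 1, 2);
}
```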