-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add option to configure encryption seed for TLS 1.3 stateless tickets #5982
Add option to configure encryption seed for TLS 1.3 stateless tickets #5982
Conversation
CT Test Results 2 files 64 suites 48m 21s ⏱️ For more details on these failures, see this check. Results for commit 489c3a3. ♻️ This comment has been updated with latest results. To speed up review, make sure that you have read Contributing to Erlang/OTP and that all checks pass. See the TESTING and DEVELOPMENT HowTo guides for details about how to run test locally. Artifacts// Erlang/OTP Github Action Bot |
I think that one of the main use cases for stateless session tickets is to work across multiple server instances. So I think this looks interesting. I added a testing label to start with, and we will get back to you later. |
current status update
Today our bloom filter is accepting tickets before 1st rotation of data structure. Even though, when generating random values (as today) for a listen socket, we will reject a ticket from previous incarnation of ssl server. I've added some tests in #6055 |
@u3s Sorry for the late response, I have been away from my computer. I plan to get back to this later this week. |
#6055 is merged |
9dd6d6c
to
4ad9642
Compare
Are you thinking about adding a warning to the
Yes, I think it makes sense to add this "warm-up" period. Do you want me to do that in this PR or can it be deferred to another PR?
The tests pass as they are right now, but |
Yes, please - to make option users aware/remind of risks associated with it. Maybe use
I think it would be preferred if this PR would include bloom filter adjustment, because after adding encryption seed option bloom filter missing implementation will be potentially exposed. With random being generated upon socket creation (before this PR), missing warm-up is not a problem as tickets from previous instance of server will not be usable. This would be nice to have (pretty easy to implement I guess):
What will be more tricky is what happens with legacy tests after adding warm-up to |
4ad9642
to
b79af24
Compare
@u3s Please review the pushed changes. As expected, the added warm-up breaks a a few of the test cases in |
This enables TLS 1.3 stateless session tickets to work across multiple server instances by allowing the user to configure the same encryption seed in each instance, through a newly added `stateless_tickets_seed` ssl server option.
b79af24
to
09ef93f
Compare
As per RFC 8446 8.2 Client Hello Recording: "When implementations are freshly started, they SHOULD reject 0-RTT as long as any portion of their recording window overlaps the startup time. Otherwise, they run the risk of accepting replays which were originally sent during that period." Before the `stateless_tickets_seed` option, when ticket encryption secrets were generated upon socket creation, this wasn't necessary since tickets from a previous instance of a server were not usable anyway. The "warm-up" is only enabled when the `stateless_tickets_seed` option is specified, such that this change doesn't affect legacy flows when the options isn't specified. Only enable warm up when seed option is specified
09ef93f
to
489c3a3
Compare
@u3s I'm not sure what went wrong with the PR pipeline. Some build tasks failed with |
@u3s Would you mind taking another look at this PR? |
sorry for holiday period related delay. we will have a look on this soon. |
thanks for contribution! |
This enables TLS 1.3 stateless session tickets to work across multiple
server instances by allowing the user to configure the same encryption
seed in each instance, through a newly added
stateless_tickets_seed
ssl server option.
Closes #5962.