Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/tls: rotate session ticket keys #25256

Closed
FiloSottile opened this issue May 4, 2018 · 5 comments
Closed

crypto/tls: rotate session ticket keys #25256

FiloSottile opened this issue May 4, 2018 · 5 comments
Assignees
Labels
Milestone

Comments

@FiloSottile
Copy link
Member

@FiloSottile FiloSottile commented May 4, 2018

When crypto/tls autogenerates session ticket keys, it should also automatically rotate them (with some window of overlap) for forward secrecy.

Split from #19199

@FiloSottile FiloSottile added the NeedsFix label May 4, 2018
@FiloSottile FiloSottile added this to the Go1.12 milestone May 4, 2018
@andybons andybons modified the milestones: Go1.12, Go1.13 Feb 12, 2019
@andybons andybons modified the milestones: Go1.13, Go1.14 Jul 8, 2019
@FiloSottile
Copy link
Member Author

@FiloSottile FiloSottile commented Sep 30, 2019

Let's do this, this is probably the biggest forward secrecy liability of a default crypto/tls server.

I am thinking of deprecating SessionTicketKey in favor of SetSessionTicketKeys, still randomizing it but not using it if it's zero and instead doing a periodic rotation, and of course still using it if set.

@rsc rsc modified the milestones: Go1.14, Backlog Oct 9, 2019
@FiloSottile FiloSottile modified the milestones: Backlog, Go1.15 Mar 31, 2020
@gopherbot
Copy link

@gopherbot gopherbot commented Apr 28, 2020

Change https://golang.org/cl/230679 mentions this issue: crypto/tls: rotate session ticket keys

@gopherbot
Copy link

@gopherbot gopherbot commented May 1, 2020

Change https://golang.org/cl/231317 mentions this issue: crypto/tls: rotate session keys

gopherbot pushed a commit that referenced this issue May 7, 2020
Also encode the certificates in a way that's more
consistent with TLS 1.3 (with a 24 byte length prefix).

Note that this will have an additional performance cost
requiring clients to do a full handshake every 7 days
where previously they were able to use the same ticket
indefinitely.

Updates #25256

Change-Id: Ic4d1ba0d92773c490b33b5f6c1320d557cc7347d
Reviewed-on: https://go-review.googlesource.com/c/go/+/231317
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
gopherbot pushed a commit that referenced this issue May 8, 2020
Automatically rotate session ticket keys for servers
that don't already have sessionTicketKeys and that
haven't called SetSessionTicketKeys.

Now, session ticket keys will be rotated every 24 hours
with a lifetime of 7 days. This adds a small performance
cost to existing clients that don't provide a session
ticket encrypted with a fresh enough session ticket key,
which would require a full handshake.

Updates #25256

Change-Id: I15b46af7a82aab9a108bceb706bbf66243a1510f
Reviewed-on: https://go-review.googlesource.com/c/go/+/230679
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
@katiehockman
Copy link
Member

@katiehockman katiehockman commented May 8, 2020

This has been fixed.

@gopherbot
Copy link

@gopherbot gopherbot commented Jun 1, 2020

Change https://golang.org/cl/235922 mentions this issue: crypto/tls: test that Clone copies session ticket key fields

gopherbot pushed a commit that referenced this issue Jun 3, 2020
Updates #25256

Change-Id: If16c42581f1cf3500fd7fd01c915e487f8025e55
Reviewed-on: https://go-review.googlesource.com/c/go/+/235922
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
5 participants
You can’t perform that action at this time.