Skip to content
This repository has been archived by the owner. It is now read-only.

TLS session ticket extension not working in cluster #5871

Closed
bajtos opened this issue Jul 19, 2013 · 4 comments

Comments

@bajtos
Copy link

commented Jul 19, 2013

The current implementation of TLS in node prevents resumption of TLS sessions via TLS session ticket extension when the application is running in a cluster.

The reason is that SSL_CTX_new initializes TLS session ticket algorithm with random values. The values are obviously different in every worker and therefore workers do not accept tickets from their neighbours. In OpenSSL, from ssl/ssl_lib.c:

/* Setup RFC4507 ticket keys */
if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0)
  || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0)
  || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
  ret->options |= SSL_OP_NO_TICKET;

To fix the issue, all workers must initialize openssl with the same key.

unsigned char keys[48];

/* TODO obtain a sequence of random 
   48 bytes shared by all workers */

/* Tell OpenSSL to use those keys */
SSL_CTX_set_tlsext_ticket_keys(ctx, keys, sizeof(keys));

A simple solution comes to my mind: we could generate the keys in the master process and distribute it to all workers. Either on cluster.fork or on demand via messages.

See this article [1] for more information and possible caveats.

//cc @indutny

[1] http://vincent.bernat.im/en/blog/2011-ssl-session-reuse-rfc5077.html

@bajtos

This comment has been minimized.

Copy link
Author

commented Jul 25, 2013

@bajtos Can it be back-ported to v0.10 too?

@bnoordhuis I don't think so. There is no tls_wrap in v0.10 and lib/cluster.js is completely different as well. You'd basically have to redo the PR from scratch. There's also the issue that this PR adds a new API, even if it's an internal one.

Can we at least modify the TLS server in v0.10 so that it disables TLS session tickets extensions when running in a cluster worker?

Otherwise I don't see any decent workaround for the problem (I don't count downgrading the server to SSLv3 or forcing your Chrome/Firefox users to not use tickets as solutions.)

EDIT: Disabling session tickets in workers will also remove most of the slowdown caused by #5872.

@indutny

This comment has been minimized.

Copy link
Member

commented Jul 27, 2013

You can pass require('constants').SSL_OP_NO_TICKET to secureOptions when creating tls server, this should make it work.

@bajtos

This comment has been minimized.

Copy link
Author

commented Jul 30, 2013

You can pass require('constants').SSL_OP_NO_TICKET to secureOptions when creating tls server, this should make it work.

Cool, I didn't know that option.

I discussed this with Ben on IRC and disabling SSL session tickets extension is probably not a good idea. The cluster in v0.10 is not round-robin, so there is a very high chance that most of your connections will be handled by the same worker.

@indutny

This comment has been minimized.

Copy link
Member

commented Jul 30, 2013

Kewl, +1 for this.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
2 participants
You can’t perform that action at this time.