@@ -4,9 +4,11 @@
package server
import (
" crypto/rand"
" crypto/tls"
" crypto/x509"
" fmt"
" io"
" io/ioutil"
" log"
" net"
@@ -18,6 +20,11 @@ import (
" time"
)
const (
tlsNewTicketEvery = time.Hour * 10 // generate a new ticket for TLS PFS encryption every so often
tlsNumTickets = 4 // hold and consider that many tickets to decrypt TLS sessions
)
// Server represents an instance of a server, which serves
// HTTP requests at a particular address (host and port). A
// server is capable of serving numerous virtual hosts on
@@ -28,6 +35,7 @@ type Server struct {
HTTP2 bool // whether to enable HTTP/2
tls bool // whether this server is serving all HTTPS hosts or not
OnDemandTLS bool // whether this server supports on-demand TLS (load certs at handshake-time)
tlsGovChan chan struct {} // close to stop the TLS maintenance goroutine
vhosts map [string ]virtualHost // virtual hosts keyed by their address
listener ListenerFile // the listener which is bound to the socket
listenerMu sync.Mutex // protects listener
@@ -216,6 +224,10 @@ func serveTLS(s *Server, ln net.Listener, tlsConfigs []TLSConfig) error {
return err
}
// Setup any goroutines governing over TLS settings
s.tlsGovChan = make (chan struct {})
go startTLSTicketKeyRotation (s.TLSConfig , s.tlsGovChan )
// Create TLS listener - note that we do not replace s.listener
// with this TLS listener; tls.listener is unexported and does
// not implement the File() method we need for graceful restarts
@@ -258,6 +270,11 @@ func (s *Server) Stop() (err error) {
}
s.listenerMu .Unlock ()
// Closing this signals any TLS governor goroutines to exit
if s.tlsGovChan != nil {
close (s.tlsGovChan )
}
return
}
@@ -378,6 +395,60 @@ func setupClientAuth(tlsConfigs []TLSConfig, config *tls.Config) error {
return nil
}
// startTLSTicketKeyRotation governs over the array of TLS ticket keys used to de/crypt TLS tickets.
// It periodically sets a new ticket key as the first one, used to encrypt (and decrypt),
// pushing any old ticket keys to the back, where they are considered for decryption only.
//
// Lack of entropy for the very first ticket key results in the feature being disabled (as does Go),
// later lack of entropy temporarily disables ticket key rotation.
// Old ticket keys are still phased out, though.
func startTLSTicketKeyRotation (c *tls.Config , exitChan chan struct {}) {
timer := time.NewTicker (tlsNewTicketEvery)
defer timer.Stop ()
// The entire page should be marked as sticky, but Go cannot do that
// without resorting to syscall#Mlock. And, we don't have madvise (for NODUMP), too. ☹
keys := make ([][32 ]byte , 1 , tlsNumTickets)
rng := c.Rand
if rng == nil {
rng = rand.Reader
}
if _ , err := io.ReadFull (rng, keys[0 ][:]); err != nil {
c.SessionTicketsDisabled = true // bail if we don't have the entropy for the first one
return
}
c.SetSessionTicketKeys (keys)
for {
select {
case _ , isOpen := <- exitChan:
if !isOpen {
return
}
case <- timer.C :
rng = c.Rand // could've changed since the start
if rng == nil {
rng = rand.Reader
}
var newTicketKey [32 ]byte
_ , err := io.ReadFull (rng, newTicketKey[:])
if len (keys) < tlsNumTickets {
keys = append (keys, keys[0 ]) // manipulates the internal length
}
for idx := len (keys) - 1 ; idx >= 1 ; idx-- {
keys[idx] = keys[idx-1 ] // yes, this makes copies
}
if err == nil {
keys[0 ] = newTicketKey
}
// pushes the last key out, doesn't matter that we don't have a new one
c.SetSessionTicketKeys (keys)
}
}
}
// RunFirstStartupFuncs runs all of the server's FirstStartup
// callback functions unless one of them returns an error first.
// It is the caller's responsibility to call this only once and
0 comments on commit
2923539