On Mon, Aug 11, 2014 at 4:09 PM, Viktor Dukhovni <openssl-us...@dukhovni.org> wrote: > Salt the session lookup key with all destination-specific and > security-relevant parameters. The Postfix SMTP client uses: > > ip, port, destination domain, mx hostname, server helo name, > protocol mask (SSL_OP_NO_SSLv2 | ...), cipherlist and, if > present, the DANE TLSA RRset. > > In Postfix sessions are shared between multiple processes, and cached > by default for an hour, so any of the above can change during that > time (newly started processes might be configured differently, ...). > > You need to figure in your case what information is sufficient in > the lookup key to avoid using a cached session that does not meet > the security properties you'd want from a new session. > I see.
> Sesssion tickets should NOT be stored on the server side, only the > encryption keys are stored, these should be rotated from time to > time. Postfix rotates the encryption keys once an hour, but stores > two sets of keys, the previous and the current, so it can validate > any unexpired sessions across key rotation. > Hmm.. maybe I worded this poorly, I meant to say you store the key (key->aes_key, key->hmac_key, key->expire_time) with the key_name, so later when it is called with enc=0 you can retreive those and can call EVP_DecryptInit_ex. And every new session (enc=1) gets a new key (aes_key, hmac_key) and key_name. Isn't this the case? > As for the client side cache, yes in a long-lived client cache you > also need to keep track of the session's age, and discard sufficiently > old sessions. Postfix runs a cache scan periodically, removing > stale entries, the cache scan is asynchronous in the event loop to > avoid garbage collection stall when the cache is large. > I see. Thanks. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
