Hi everyone,

Some questions came up with regards to the SSLSessionTickets and 
SSLSessionTicketKeyFile directives that we could not find a clear answer for. 
Perhaps, someone on this mailing list could help answer these questions.



# SSLSessionTickets

The documentation says that Apache needs to be restarted at appropriate 
intervals when SSLSessionTickets is enabled, because Perfect Forward Secrecy 
might otherwise be compromised. [1]

While it is clear that a restart causes the ticket key to be discarded and a 
new one to be generated, there appears to be some confusion around whether a 
graceful reload is sufficient.

Here is, for example, an abbreviated discussion on Github where the topic of 
session tickets comes up for Apache: [2]
> szepeviktor - E.g. on Debian-based systems daily logrotate reloads Apache. *I 
> hope a reload is enough.*
> tomato42 - IIRC reload is not sufficient, but it was a long time ago I last 
> looked into it.
> szepeviktor - apache2ctl graceful *does* change the session ticket. [provides 
> commands to reproduce what looks like changes to the session keys after 
> graceful reload]
> szepeviktor - Also service apache2 reload does change the session ticket.
> tomato42 - Just because you cannot resume the session after a server reload 
> does not mean that the ticket encryption key has changed - sessions being 
> invalidated will have the same result
> szepeviktor - If I run it continuously the first 16 bytes don't change, only 
> the rest. When I reload apache with apache2ctl graceful then the first 16 bytes 
> also change. So I conclude that the ticket encryption key is changed by the 
> reload.
> tomato42 - From what I can see in openssl sources, the first 16 bytes of the 
> ticket are the "name" of the key (essentially random data), so it changing 
> does suggest the encryption key is changing too, but without looking into 
> apache sources I can't tell for sure.

Here is another example, an extract of a question asked on StackOverflow about 
session resumption with TLSv1.3: after a graceful reload, full handshakes are 
performed instead of session resumption, which appears to differ from the 
behavior with TLSv1.2: [3]
> USP-dos - I think this is a very common use-case ("Allow to resume 
> ssl-sessions after graceful restart") and should work with TLSv1.3 as it does 
> with 1.2.

Further, I could not find anything in the changelog that would indicate a 
change in behavior for the SSLSessionTickets directive. [4]

Am I correct to assume that Apache has to be restarted and that a graceful 
reload is not sufficient?

Is there a difference between the handling of session ticket keys between 
TLSv1.2 and TLSv1.3?

Is a graceful reload sufficient to rotate session ticket keys for TLSv1.2?

Is a graceful reload sufficient to rotate session ticket keys for TLSv1.3?



# SSLSessionTicketKeyFile

From what I understand the restart is necessary for rotating the automatically 
generated session ticket key in absence of the SSLSessionTicketKeyFile 
directive, with which a specific key can be specified, for example, to share 
the key across multiple instances in order to enable session resumption across 
these instances. [5]

The documentation for the SSLSessionTicketKeyFile directive states that "all 
existing session tickets become invalid after a restart". [5]

While I would expect this to be the behavior in absence of a 
SSLSessionTicketKeyFile configuration, I would not expect this to be the case 
when SSLSessionTicketKeyFile is used.

Am I correct in the assumption that a restart does not affect the validity of 
the session tickets that use the key defined in the file specified with 
SSLSessionTicketKeyFile if the key does not change in this file?



Any information would be appreciated!

Best,
Simon



[1] https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#SSLSessionTickets
[2] https://github.com/mozilla/server-side-tls/issues/135#issuecomment-289552896
[3] https://stackoverflow.com/questions/60080365/apaches-sslsessioncache-not-working-correctly-with-tlsv1-3-and-graceful-restart
[4] https://downloads.apache.org/httpd/CHANGES_2.4
[5] https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#SSLSessionTicketKeyFile
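The key-name check described in the quoted GitHub thread, written out as a script (an added example, not from the original post or from the Apache project): it records the first 16 bytes of the ticket a fresh handshake receives before and after a graceful reload, and it also prints the key name mod_ssl takes from an SSLSessionTicketKeyFile, so an operator can tell whether tickets issued after a restart are still under the file's key. It assumes openssl(1) on the client and takes the host:port to test as an argument; the session-text excerpt it checks offline is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Checks whether Apache's ticket
# encryption key changed across a graceful reload, using the observation from the
# quoted GitHub thread: in OpenSSL's ticket format the first 16 bytes of a ticket
# are the key name. Assumes openssl(1); the host:port argument is an assumption.

# Read `openssl sess_id -text` output on stdin; print the ticket key name as hex.
ticket_key_name() {
    awk '
        /TLS session ticket:/ { in_ticket = 1; next }
        in_ticket && $0 !~ /^ *[0-9a-f][0-9a-f][0-9a-f][0-9a-f] - / { exit }
        in_ticket {
            line = substr($0, index($0, " - ") + 3, 47)  # hex columns only
            gsub(/[^0-9a-f]/, "", line)
            hex = hex line
        }
        END { print substr(hex, 1, 32) }'
}

# Full handshake to $1 (host:port); print the key name of the ticket issued.
# 'sleep 1' keeps stdin open so a TLSv1.3 post-handshake NewSessionTicket can
# arrive before s_client closes (TLSv1.2 tickets come inside the handshake).
live_ticket_key_name() {
    sess=$(mktemp)
    sleep 1 | openssl s_client -connect "$1" -servername "${1%%:*}" \
        -sess_out "$sess" >/dev/null 2>&1
    openssl sess_id -in "$sess" -noout -text | ticket_key_name
    rm -f "$sess"
}

# Key name mod_ssl takes from an SSLSessionTicketKeyFile: the first 16 of its
# 48 bytes (the other 32 are the cipher and HMAC keys).
keyfile_key_name() { head -c 16 "$1" | od -An -tx1 | tr -d ' \n'; }

# Constructed excerpt of `openssl sess_id -text` output for an offline check.
SAMPLE_SESS_TEXT='SSL-Session:
    Protocol  : TLSv1.3
    TLS session ticket:
    0000 - a1 b2 c3 d4 e5 f6 07 18-29 3a 4b 5c 6d 7e 8f 90   ................
    0010 - 11 22 33 44 55 66 77 88-99 aa bb cc dd ee ff 00   ."3DUfw.........
    Start Time: 1580000000'
sample_key_name() { printf '%s\n' "$SAMPLE_SESS_TEXT" | ticket_key_name; }

if [ -n "$1" ]; then   # usage: sh ticketcheck.sh www.example.org:443
    before=$(live_ticket_key_name "$1"); echo "before reload: $before"
    echo "run 'apachectl graceful' on the server, then press Enter"; read -r _
    after=$(live_ticket_key_name "$1"); echo "after reload:  $after"
    [ "$before" = "$after" ] && echo "same key (no rotation)" || echo "key rotated"
fi
```

Comparing the live key name with `keyfile_key_name /path/to/ticket.key` tells you whether the server is issuing tickets under the configured file key or under an automatically generated one.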
