vulnarability surface. An attacker able to decrypt it would have access
all connections using the resumed session.
The session ticket encryption key is not committed to storage by the server
- and is rotated regularly. Tickets have limited lifetime.
+ and is rotated regularly (OpenSSL: 1hr, and one previous key is used for
+ overlap; GnuTLS 6hr but does not specify any overlap).
+ Tickets have limited lifetime (2hr, and new ones issued after 1hr under
+ OpenSSL. GnuTLS 2hr, appears to not do overlap).
There is a question-mark over the security of the Diffie-Helman parameters
used for session negotiation. TBD. q-value; cf bug 1895
New log_selector "tls_resumption", appends an asterisk to the tls_cipher "X="
element.
- Variables $tls_{in,out}_resumption have bit 0-4 indicating respectively
+ Variables $tls_{in,out}_resumption have bits 0-4 indicating respectively
support built, client requested ticket, client offered session,
server issued ticket, resume used. A suitable decode list is provided
in the builtin macro _RESUME_DECODE for ${listextract {}{}}.
Issues:
In a resumed session:
- $tls_{in,out}_certificate_verified will be unset (undler OpenSSL)
- verify = certificate will be false (undler OpenSSL)
+ $tls_{in,out}_certificate_verified will be set, and verify = certificate
+ will be true, when verify failed but tls_try_verify_hosts allowed the
+ connection (under OpenSSL)
$tls_{in,out}_cipher will have values different to the original (under GnuTLS)
- $tls_{in,out}_ocsp will be "not requested" or "no response"
+ $tls_{in,out}_ocsp will be "not requested" or "no response", and
+ hosts_require_ocsp will fail
--------------------------------------------------------------