Re: Apache 2.4 mod_ssl SSLSessionTickets -- others vulnerable?

[Mark Felder <feld () feld me>]

On Wed, Feb 4, 2015, at 11:59, Reed Loden wrote:
> ... or you could do something like what Twitter did [0] and write your
> own
> scripts to generate new session ticket keys regularly and store them only
> in a tmpfs or /dev/shm type environment.
>
> agl also talks about this problem on his blog [1] a while ago.
>
> As for your earlier question, nginx has the same issue here [2]. Really
> all
> comes down to OpenSSL not making it easy to do better.
>
> ~reed
>
> [0] https://blog.twitter.com/2013/forward-secrecy-at-twitter
> [1] https://www.imperialviolet.org/2013/06/27/botchingpfs.html
> [2]
> http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_ticket_key

Okay, so the failure is two-pronged: the current limitations in OpenSSL
with regards to managing session ticket keys, and the use of session
tickets when PFS cipher is negotiated.


Thanks for all the details, guys.