On 02/24/2015 03:17 PM, Nenad Merdanovic wrote:
> This patchset adds support to configure TLS ticket keys used for
> encryption and decryption of TLS tickets.

Hi Nenad,

I find your patch very interesting and I have some questions about it.

Is there a reason why it requires the number of active ticket keys to be exactly TLS_TICKETS_NO? I understand you don't want to retain a large number of active keys if you just keep appending keys to the file, but perhaps you could allow a smaller number of keys, provided that there is at least one?

Don't you think that the documentation should mention that the file containing the TLS ticket keys should never be written to disk, but kept in RAM (using tmpfs for example) and prevented from being swapped to disk, as otherwise it would destroy any hope of forward secrecy?

I believe you may want to use EVP_MAX_IV_LENGTH instead of 16 as the second parameter to RAND_pseudo_bytes(), as it may not be enough in the future for larger ciphers.

I know nobody is doing it, but I believe the return value of RAND_pseudo_bytes() should be checked and -1 should be returned by ssl_tlsext_ticket_key_cb() if it is != 1. Same thing for EVP_EncryptInit_ex() and EVP_DecryptInit_ex().

Thank you!

--
Rémi
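Added example, not part of the message above, the patch or HAProxy: one way a loader could check the storage concern raised in the reply, namely that the ticket key file sits on a RAM-backed filesystem that cannot be swapped out. It assumes Linux (`statfs()` and `/proc/swaps`); every `kf_*` and `KF_*` name is hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <sys/vfs.h>

/* Values of TMPFS_MAGIC and RAMFS_MAGIC from <linux/magic.h>. */
#define KF_TMPFS_MAGIC 0x01021994UL
#define KF_RAMFS_MAGIC 0x858458f6UL
enum kf_status { KF_OK, KF_NOT_RAM, KF_SWAPPABLE, KF_ERROR };

/* ramfs is never swapped; tmpfs pages can be swapped out while swap is active. */
enum kf_status kf_classify(unsigned long fs_type, int swap_active)
{
    if (fs_type == KF_RAMFS_MAGIC)
        return KF_OK;
    if (fs_type == KF_TMPFS_MAGIC)
        return swap_active ? KF_SWAPPABLE : KF_OK;
    return KF_NOT_RAM;
}

/* /proc/swaps is one header line followed by one line per active swap area. */
int kf_count_swap_areas(const char *text)
{
    int lines = 0;
    for (const char *p = text; *p; p += (*p == '\n')) {
        size_t len = strcspn(p, "\n");
        lines += len > 0;
        p += len;
    }
    return lines > 0 ? lines - 1 : 0;
}

enum kf_status kf_check_path(const char *path)
{
    struct statfs sfs;
    char buf[4096];
    FILE *f;
    if (statfs(path, &sfs) != 0 || !(f = fopen("/proc/swaps", "r")))
        return KF_ERROR;           /* cannot prove the property: fail closed */
    buf[fread(buf, 1, sizeof(buf) - 1, f)] = '\0';
    fclose(f);
    return kf_classify((unsigned long)sfs.f_type, kf_count_swap_areas(buf) > 0);
}

int main(int argc, char **argv)
{
    enum kf_status st = kf_check_path(argc > 1 ? argv[1] : "/dev/shm");
    printf("status %d\n", st);     /* 0 means RAM-backed and not swappable */
    return st;
}
```

The check treats any active swap area as a risk, including an encrypted one, and it says nothing about key material once it has been copied into the process's own memory.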

