On Wed, Feb 25, 2015 at 12:09 PM, Lukas Tribus <[email protected]> wrote:
> > If a site has N haproxy hosts, how should new ticket-keys be > > distributed (and processes reloaded) and avoid the race condition of > > some hosts using the new keys before those keys are on all hosts? > > You distribute the new key to all instances for decryption, but use > the penultimate key for encryption instead of the ultimate key: > > https://blog.cloudflare.com/tls-session-resumption-full-speed-and-secure/ > > That is a nice solution. I didn't understand that was the behavior from reading the documentation patch from the OP. This makes it sound like the last key is used for encryption and not the next-to-last (penultimate). +tls-ticket-keys <keyfile> + Sets the TLS ticket keys file to load the keys from. The keys need to be 48 + bytes long, encoded with base64 (ex. openssl rand -base64 48). Number of keys + is specified by the TLS_TICKETS_NO build option (default 3) and at least as + many keys need to be present in the file. Last TLS_TICKETS_NO keys will be + used for decryption and only the last one for encryption. This enables easy + key rotation by just appending new key to the file and reloading the process. -Bryan
