Hi Dirkjan,
On 3/2/2015 1:24 PM, Dirkjan Bussink wrote:
Hi all,
On Fri, Feb 27, 2015 at 07:56:48PM +0100, Nenad Merdanovic wrote:
This patchset adds support to configure TLS ticket keys used for
encryption and decryption of TLS tickets.
This is the 2nd version of the patchset that has been updated based on
suggestions from Willy TaRreau, Emeric Brun, Lukas Tribus and Remi Gacogne.
This is a great addition. I do have one question however. Are there also plans
to allow for rotating these tickets through the admin socket interface? In
order to get a system that’s actually properly forward secure, it’s needed to
rotate the session tickets from time to time so that forward secrecy is
actually preserved.
[..cut..]
Yes, I already mentioned this and am working on it, should be finished
fairly soon, mostly depending on the time I can allocate to it.
Regards,
Nenad
