[jira] [Commented] (TS-1146) RFC 5077 TLS Session tickets
[ https://issues.apache.org/jira/browse/TS-1146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14071797#comment-14071797 ] ASF GitHub Bot commented on TS-1146: Github user asfgit closed the pull request at: https://github.com/apache/trafficserver/pull/96 > RFC 5077 TLS Session tickets > > > Key: TS-1146 > URL: https://issues.apache.org/jira/browse/TS-1146 > Project: Traffic Server > Issue Type: New Feature > Components: SSL >Reporter: James Peach >Assignee: James Peach > Labels: A > Fix For: 4.2.0 > > Attachments: SSL_CTX_set_tlsext_ticket_key_cb.txt, > session_ticket.patch, session_ticket_review.patch > > > For supporting RFC 5077 TLS Session tickets across a ATS cluster, all the > machines need to have the same server ticket. > See https://github.com/apache/httpd rev > 967d943b93498233f0ec81a5b48706fdb6892dfd -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (TS-1146) RFC 5077 TLS Session tickets
[ https://issues.apache.org/jira/browse/TS-1146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14065168#comment-14065168 ] ASF subversion and git services commented on TS-1146: - Commit e6e0089b55f041b3b051e8309f14974bb997944e in trafficserver's branch refs/heads/master from [~SaveTheRbtz] [ https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;h=e6e0089 ] TS-1146: change severity of non-matched key to debug Key rotation is very frequent operation. There is no need to spam log with errors. > RFC 5077 TLS Session tickets > > > Key: TS-1146 > URL: https://issues.apache.org/jira/browse/TS-1146 > Project: Traffic Server > Issue Type: New Feature > Components: SSL >Reporter: James Peach >Assignee: James Peach > Labels: A > Fix For: 4.2.0 > > Attachments: SSL_CTX_set_tlsext_ticket_key_cb.txt, > session_ticket.patch, session_ticket_review.patch > > > For supporting RFC 5077 TLS Session tickets across a ATS cluster, all the > machines need to have the same server ticket. > See https://github.com/apache/httpd rev > 967d943b93498233f0ec81a5b48706fdb6892dfd -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (TS-1146) RFC 5077 TLS Session tickets
[ https://issues.apache.org/jira/browse/TS-1146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14065167#comment-14065167 ] ASF subversion and git services commented on TS-1146: - Commit a65742cd81de5f21ed65d7bc8d7ece2046c5ff6d in trafficserver's branch refs/heads/master from [~SaveTheRbtz] [ https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;h=a65742c ] TS-1146: added counters to TLS ticket callback > RFC 5077 TLS Session tickets > > > Key: TS-1146 > URL: https://issues.apache.org/jira/browse/TS-1146 > Project: Traffic Server > Issue Type: New Feature > Components: SSL >Reporter: James Peach >Assignee: James Peach > Labels: A > Fix For: 4.2.0 > > Attachments: SSL_CTX_set_tlsext_ticket_key_cb.txt, > session_ticket.patch, session_ticket_review.patch > > > For supporting RFC 5077 TLS Session tickets across a ATS cluster, all the > machines need to have the same server ticket. > See https://github.com/apache/httpd rev > 967d943b93498233f0ec81a5b48706fdb6892dfd -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (TS-1146) RFC 5077 TLS Session tickets
[ https://issues.apache.org/jira/browse/TS-1146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14065169#comment-14065169 ] ASF subversion and git services commented on TS-1146: - Commit 23406cedff31a3bfeb588fd04b581e7a4e5a578c in trafficserver's branch refs/heads/master from [~SaveTheRbtz] [ https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;h=23406ce ] TS-1146: consistent formatting for log messages > RFC 5077 TLS Session tickets > > > Key: TS-1146 > URL: https://issues.apache.org/jira/browse/TS-1146 > Project: Traffic Server > Issue Type: New Feature > Components: SSL >Reporter: James Peach >Assignee: James Peach > Labels: A > Fix For: 4.2.0 > > Attachments: SSL_CTX_set_tlsext_ticket_key_cb.txt, > session_ticket.patch, session_ticket_review.patch > > > For supporting RFC 5077 TLS Session tickets across a ATS cluster, all the > machines need to have the same server ticket. > See https://github.com/apache/httpd rev > 967d943b93498233f0ec81a5b48706fdb6892dfd -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (TS-1146) RFC 5077 TLS Session tickets
[ https://issues.apache.org/jira/browse/TS-1146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13848737#comment-13848737 ] Bryan Call commented on TS-1146: Is everything done on this ticket? Can it be closed? > RFC 5077 TLS Session tickets > > > Key: TS-1146 > URL: https://issues.apache.org/jira/browse/TS-1146 > Project: Traffic Server > Issue Type: Improvement > Components: SSL >Reporter: James Peach >Assignee: James Peach > Labels: A > Fix For: 4.2.0 > > Attachments: SSL_CTX_set_tlsext_ticket_key_cb.txt, > session_ticket.patch, session_ticket_review.patch > > > For supporting RFC 5077 TLS Session tickets across a ATS cluster, all the > machines need to have the same server ticket. > See https://github.com/apache/httpd rev > 967d943b93498233f0ec81a5b48706fdb6892dfd -- This message was sent by Atlassian JIRA (v6.1.4#6159)
[jira] [Commented] (TS-1146) RFC 5077 TLS Session tickets
[ https://issues.apache.org/jira/browse/TS-1146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13841925#comment-13841925 ] ASF subversion and git services commented on TS-1146: - Commit a10b8090fcb1dc8fa745df9b12d15596ec76cc4d in branch refs/heads/master from [~jpe...@apache.org] [ https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;h=a10b809 ] TS-1146: fix the CentOS5 build > RFC 5077 TLS Session tickets > > > Key: TS-1146 > URL: https://issues.apache.org/jira/browse/TS-1146 > Project: Traffic Server > Issue Type: Improvement > Components: SSL >Reporter: James Peach >Assignee: James Peach > Labels: A > Fix For: 4.2.0 > > Attachments: SSL_CTX_set_tlsext_ticket_key_cb.txt, > session_ticket.patch, session_ticket_review.patch > > > For supporting RFC 5077 TLS Session tickets across a ATS cluster, all the > machines need to have the same server ticket. > See https://github.com/apache/httpd rev > 967d943b93498233f0ec81a5b48706fdb6892dfd -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Commented] (TS-1146) RFC 5077 TLS Session tickets
[ https://issues.apache.org/jira/browse/TS-1146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13841885#comment-13841885 ] ASF subversion and git services commented on TS-1146: - Commit 358e92603dd0527122d3142f0a74a9d7280e595f in branch refs/heads/master from [~jpe...@apache.org] [ https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;h=358e926 ] TS-1146: additional autoconf tests to support older OpenSSL > RFC 5077 TLS Session tickets > > > Key: TS-1146 > URL: https://issues.apache.org/jira/browse/TS-1146 > Project: Traffic Server > Issue Type: Improvement > Components: SSL >Reporter: James Peach >Assignee: James Peach > Labels: A > Fix For: 4.2.0 > > Attachments: SSL_CTX_set_tlsext_ticket_key_cb.txt, > session_ticket.patch, session_ticket_review.patch > > > For supporting RFC 5077 TLS Session tickets across a ATS cluster, all the > machines need to have the same server ticket. > See https://github.com/apache/httpd rev > 967d943b93498233f0ec81a5b48706fdb6892dfd -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Commented] (TS-1146) RFC 5077 TLS Session tickets
[ https://issues.apache.org/jira/browse/TS-1146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13841819#comment-13841819 ] ASF subversion and git services commented on TS-1146: - Commit 0850f4c3a833a76779be65b769fc0e239e6fc93f in branch refs/heads/master from [~jpe...@apache.org] [ https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;h=0850f4c ] TS-1146: consistently apply 2char indentation > RFC 5077 TLS Session tickets > > > Key: TS-1146 > URL: https://issues.apache.org/jira/browse/TS-1146 > Project: Traffic Server > Issue Type: Improvement > Components: SSL >Reporter: James Peach >Assignee: James Peach > Labels: A > Fix For: 4.2.0 > > Attachments: SSL_CTX_set_tlsext_ticket_key_cb.txt, > session_ticket.patch, session_ticket_review.patch > > > For supporting RFC 5077 TLS Session tickets across a ATS cluster, all the > machines need to have the same server ticket. > See https://github.com/apache/httpd rev > 967d943b93498233f0ec81a5b48706fdb6892dfd -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Commented] (TS-1146) RFC 5077 TLS Session tickets
[ https://issues.apache.org/jira/browse/TS-1146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13841638#comment-13841638 ] Leif Hedstrom commented on TS-1146: --- Reopened to fix the indentation as per https://cwiki.apache.org/confluence/display/TS/Coding+Style > RFC 5077 TLS Session tickets > > > Key: TS-1146 > URL: https://issues.apache.org/jira/browse/TS-1146 > Project: Traffic Server > Issue Type: Improvement > Components: SSL >Reporter: James Peach >Assignee: James Peach > Labels: A > Fix For: 4.2.0 > > Attachments: SSL_CTX_set_tlsext_ticket_key_cb.txt, > session_ticket.patch, session_ticket_review.patch > > > For supporting RFC 5077 TLS Session tickets across a ATS cluster, all the > machines need to have the same server ticket. > See https://github.com/apache/httpd rev > 967d943b93498233f0ec81a5b48706fdb6892dfd -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Commented] (TS-1146) RFC 5077 TLS Session tickets
[ https://issues.apache.org/jira/browse/TS-1146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13841505#comment-13841505 ] ASF subversion and git services commented on TS-1146: - Commit 8dbf06bf30f618aac4c1fc5c87afe7aa38569d33 in branch refs/heads/master from [~sunwei] [ https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;h=8dbf06b ] TS-1146: RFC 5077 TLS session tickets For supporting RFC 5077 TLS Session tickets across a ATS cluster, all the machines need to have the same server ticket. Add ssl_multicert.config support for specifying a common session ticket key. > RFC 5077 TLS Session tickets > > > Key: TS-1146 > URL: https://issues.apache.org/jira/browse/TS-1146 > Project: Traffic Server > Issue Type: Improvement > Components: SSL >Reporter: James Peach >Assignee: James Peach > Labels: A > Fix For: 5.0.0 > > Attachments: SSL_CTX_set_tlsext_ticket_key_cb.txt, > session_ticket.patch, session_ticket_review.patch > > > For supporting RFC 5077 TLS Session tickets across a ATS cluster, all the > machines need to have the same server ticket. > See https://github.com/apache/httpd rev > 967d943b93498233f0ec81a5b48706fdb6892dfd -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Commented] (TS-1146) RFC 5077 TLS Session tickets
[
https://issues.apache.org/jira/browse/TS-1146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13841450#comment-13841450
]
James Peach commented on TS-1146:
-
Hmm, I think we need to call {{SSL_CTX_set_tlsext_ticket_key_cb}} before
{{SSL_CTX_set_ex_data}}, then there could never be a stale pointer on the
{{SSL_CTX}}.
> RFC 5077 TLS Session tickets
>
>
> Key: TS-1146
> URL: https://issues.apache.org/jira/browse/TS-1146
> Project: Traffic Server
> Issue Type: Improvement
> Components: SSL
>Reporter: James Peach
>Assignee: James Peach
> Labels: A
> Fix For: 5.0.0
>
> Attachments: SSL_CTX_set_tlsext_ticket_key_cb.txt,
> session_ticket.patch, session_ticket_review.patch
>
>
> For supporting RFC 5077 TLS Session tickets across a ATS cluster, all the
> machines need to have the same server ticket.
> See https://github.com/apache/httpd rev
> 967d943b93498233f0ec81a5b48706fdb6892dfd
--
This message was sent by Atlassian JIRA
(v6.1#6144)
[jira] [Commented] (TS-1146) RFC 5077 TLS Session tickets
[ https://issues.apache.org/jira/browse/TS-1146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13841057#comment-13841057 ] Wei Sun commented on TS-1146: - Looks good to me. Thanks. Only one comment as below: fail: delete ticket_key; ticket_key = NULL; // SSLReleaseContext() always delete ticket_key when releasing ctx. > RFC 5077 TLS Session tickets > > > Key: TS-1146 > URL: https://issues.apache.org/jira/browse/TS-1146 > Project: Traffic Server > Issue Type: Improvement > Components: SSL >Reporter: James Peach >Assignee: James Peach > Labels: A > Fix For: 5.0.0 > > Attachments: SSL_CTX_set_tlsext_ticket_key_cb.txt, > session_ticket.patch, session_ticket_review.patch > > > For supporting RFC 5077 TLS Session tickets across a ATS cluster, all the > machines need to have the same server ticket. > See https://github.com/apache/httpd rev > 967d943b93498233f0ec81a5b48706fdb6892dfd -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Commented] (TS-1146) RFC 5077 TLS Session tickets
[ https://issues.apache.org/jira/browse/TS-1146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13839958#comment-13839958 ] Wei Sun commented on TS-1146: - Per my understanding, some legacy systems already have dedicated session cache cluster for session resumption, when they upgrade to the latest openssl, session ticket is supported by default, 'sess_ticket_enabled' option provides a flexibility for them to disable session ticket and continue using their session cache service. If application doesn't explicitly specify this option, the behavior is backward compatible. I updated the patch in the attachment, changes include: 'sess_key_filename' -> 'ticket_key_name'; release the context associated data when ctx's reference is 0; add a little bit of parameter description in ssl_multicert.config.en.rst. Please help review. > RFC 5077 TLS Session tickets > > > Key: TS-1146 > URL: https://issues.apache.org/jira/browse/TS-1146 > Project: Traffic Server > Issue Type: Improvement > Components: SSL >Reporter: James Peach >Assignee: James Peach > Labels: A > Fix For: 5.0.0 > > Attachments: SSL_CTX_set_tlsext_ticket_key_cb.txt, > session_ticket.patch > > > For supporting RFC 5077 TLS Session tickets across a ATS cluster, all the > machines need to have the same server ticket. > See https://github.com/apache/httpd rev > 967d943b93498233f0ec81a5b48706fdb6892dfd -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Commented] (TS-1146) RFC 5077 TLS Session tickets
[
https://issues.apache.org/jira/browse/TS-1146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13839466#comment-13839466
]
James Peach commented on TS-1146:
-
OK, I looked more at what http does with session tickets. I agree that is makes
sense to keep the session ticket key in a separate file.
I don't think that the {{sess_ticket_enabled}} parameter is necessary. The
presence or absence of a ticket key should be enough to determine whether to
use session tickets. I thought about whether we should always enable session
tickets with random data and decided against it since the behavior you have
here matches httpd.
I think that {{ticket_key_name}} might be a better name for the parameter than
{{sess_key_filename}} since it it slightly more consistent with the existing
parameter names.
I see that you attach the ticket key to the SSL context, but I'm not clear on
how this data is released. Can you point that out to me?
Finally, if you could make a start at documenting this in
{{doc/reference/configuration/ssl_multicert.config.en.rst}}, that would be very
helpful. I'd be happy to help polish any text you can contribute.
> RFC 5077 TLS Session tickets
>
>
> Key: TS-1146
> URL: https://issues.apache.org/jira/browse/TS-1146
> Project: Traffic Server
> Issue Type: Improvement
> Components: SSL
>Reporter: James Peach
>Assignee: James Peach
> Labels: A
> Fix For: 5.0.0
>
> Attachments: SSL_CTX_set_tlsext_ticket_key_cb.txt,
> session_ticket.patch
>
>
> For supporting RFC 5077 TLS Session tickets across a ATS cluster, all the
> machines need to have the same server ticket.
> See https://github.com/apache/httpd rev
> 967d943b93498233f0ec81a5b48706fdb6892dfd
--
This message was sent by Atlassian JIRA
(v6.1#6144)
[jira] [Commented] (TS-1146) RFC 5077 TLS Session tickets
[ https://issues.apache.org/jira/browse/TS-1146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13838766#comment-13838766 ] Wei Sun commented on TS-1146: - Thanks for your feedback, I made a little bit of change, please take a look at the updated patch. I've no idea about a standard format, some are using xml, others use plain text files. Yes, it stores secret. I added a few comments around the code, a brief description can be found from cwiki (Projects/SSL/SSLSessionTicket). Storing secrete in file is not secure for some situations, but at least the permission is under control, from this point of view, I think it might be better than inlining them into ssl_multicert.config, your thought? The tools I used are https://github.com/vincentbernat/rfc5077/blob/master/rfc5077-client.c, ssldump, etc. Below are some (minimal) steps I used to verify in my test env: 1). Disable keep_alive_enabled_in; 2). Enabled session ticket, use rfc5077-client or ssldump to observe the result, restarting ats should also reuse the ticket; 3). Change one byte of keyname or encrypting key or signing secrete, ats will create a new ticket; 4). Disable session ticket, session won't be reused any more, each request will trigger a full handshake. I think openssl enables session ticket by default, the difference is restarting ats or crossing multiple servers, the session cannot be retrieved. > RFC 5077 TLS Session tickets > > > Key: TS-1146 > URL: https://issues.apache.org/jira/browse/TS-1146 > Project: Traffic Server > Issue Type: Improvement > Components: SSL >Reporter: James Peach >Assignee: James Peach > Labels: A > Fix For: 5.0.0 > > Attachments: SSL_CTX_set_tlsext_ticket_key_cb.txt, > session_ticket.patch > > > For supporting RFC 5077 TLS Session tickets across a ATS cluster, all the > machines need to have the same server ticket. > See https://github.com/apache/httpd rev > 967d943b93498233f0ec81a5b48706fdb6892dfd -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Commented] (TS-1146) RFC 5077 TLS Session tickets
[
https://issues.apache.org/jira/browse/TS-1146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13837197#comment-13837197
]
James Peach commented on TS-1146:
-
Nice work [~sunwei]!
A few comments:
- patch does not apply to master due to changes in
{{iocore/net/SSLUtils.cc}}
- there's a bit of unnecessary whitespace added ({{git diff}} should show
you where it is)
- I don't see the need for
{{proxy.config.ssl.server.sessionticket.enabled}} since this needs to be
enabled by the administrator in {{ssl_multicert.config}}
- as currently constructed this patch does not require
{{ssl_callback_session_ticket}} to be global, so it should be static
- is the {{ssl_ticket_key_t}} file format a standard format? Are the values
secret? Does it make sense to inline them into {{ssl_multicert.config}}
I'll probably have some more comments once the patch applies to master.
I'd also like to see some documentation around this of course :)
Do you have any ideas about how we could do automated regression tests for this?
> RFC 5077 TLS Session tickets
>
>
> Key: TS-1146
> URL: https://issues.apache.org/jira/browse/TS-1146
> Project: Traffic Server
> Issue Type: Improvement
> Components: SSL
>Reporter: James Peach
>Assignee: James Peach
> Labels: A
> Fix For: 5.0.0
>
> Attachments: SSL_CTX_set_tlsext_ticket_key_cb.txt,
> session_ticket.patch
>
>
> For supporting RFC 5077 TLS Session tickets across a ATS cluster, all the
> machines need to have the same server ticket.
> See https://github.com/apache/httpd rev
> 967d943b93498233f0ec81a5b48706fdb6892dfd
--
This message was sent by Atlassian JIRA
(v6.1#6144)
[jira] [Commented] (TS-1146) RFC 5077 TLS Session tickets
[ https://issues.apache.org/jira/browse/TS-1146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13458415#comment-13458415 ] James Peach commented on TS-1146: - also http://vincent.bernat.im/en/blog/2011-ssl-session-reuse-rfc5077.html > RFC 5077 TLS Session tickets > > > Key: TS-1146 > URL: https://issues.apache.org/jira/browse/TS-1146 > Project: Traffic Server > Issue Type: Improvement > Components: SSL >Reporter: James Peach >Assignee: James Peach > Fix For: 3.3.1 > > > For supporting RFC 5077 TLS Session tickets across a ATS cluster, all the > machines need to have the same server ticket. > See https://github.com/apache/httpd rev > 967d943b93498233f0ec81a5b48706fdb6892dfd -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (TS-1146) RFC 5077 TLS Session tickets
[ https://issues.apache.org/jira/browse/TS-1146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13232154#comment-13232154 ] James Peach commented on TS-1146: - Also: https://github.com/apache/httpd/commit/414911a5da0910b23aa00872874cf64b6b8a7b6b > RFC 5077 TLS Session tickets > > > Key: TS-1146 > URL: https://issues.apache.org/jira/browse/TS-1146 > Project: Traffic Server > Issue Type: Improvement > Components: SSL >Reporter: James Peach > > For supporting RFC 5077 TLS Session tickets across a ATS cluster, all the > machines need to have the same server ticket. > See https://github.com/apache/httpd rev > 967d943b93498233f0ec81a5b48706fdb6892dfd -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (TS-1146) RFC 5077 TLS Session tickets
[ https://issues.apache.org/jira/browse/TS-1146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13232150#comment-13232150 ] Leif Hedstrom commented on TS-1146: --- https://github.com/apache/httpd/commit/967d943b93498233f0ec81a5b48706fdb6892dfd > RFC 5077 TLS Session tickets > > > Key: TS-1146 > URL: https://issues.apache.org/jira/browse/TS-1146 > Project: Traffic Server > Issue Type: Improvement > Components: SSL >Reporter: James Peach > > For supporting RFC 5077 TLS Session tickets across a ATS cluster, all the > machines need to have the same server ticket. > See https://github.com/apache/httpd rev > 967d943b93498233f0ec81a5b48706fdb6892dfd -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
