Re: TLS session resumption (identifier)

2016-03-04 Thread Igor Sysoev 
On 04 Mar 2016, at 13:30, B.R.  wrote:

> On Fri, Mar 4, 2016 at 11:19 AM, Igor Sysoev  wrote:
> Sorry, I meant there is no performance difference between “none” and “off” 
> settings.
> 
> ​Well, the client believes he should remember every session ID and store it 
> somewhere for nothing, reading/resending/writing it on every connection.
> Small enough network traffic difference, though (the extra, useless ID in the 
> ClientHello message could be considered harmless, even though those extra 
> bytes appear on each TLS session establishment).

I believe this is negligible degradation for a client. These operations can be 
only noticeable
on server which serves a lot of simultaneous clients.

> As to default value, builtin session cache was by default initially but it 
> turned out that
> it leads to memory fragmentation. So the default value has been changed to 
> “off” and
> later to “none”.
> 
> Of course shared cache is certainly better as default value but there is no 
> good understanding
> what default cache size should be used. And now it becomes less important 
> with ticket introduction.
> 
> Total agreement there: I was not pushing for a default activating a cache, 
> but rather for the clean 'off' setting.​
> ---
> B. R.



-- 
Igor Sysoev
http://nginx.com

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: TLS session resumption (identifier)

2016-03-04 Thread B.R. 
On Fri, Mar 4, 2016 at 11:19 AM, Igor Sysoev  wrote:

> Sorry, I meant there is no performance difference between “none” and “off”
> settings.
>

​Well, the client believes he should remember every session ID and store it
somewhere for nothing, reading/resending/writing it on every connection.
Small enough network traffic difference, though (the extra, useless ID in
the ClientHello message could be considered harmless, even though those
extra bytes appear on each TLS session establishement).

As to default value, builtin session cache was by default initially but it
> turned out that
> it leads to memory fragmentation. So the default value has been changed to
> “off” and
> later to “none”.
>
> Of course shared cache is certainly better as default value but there is
> no good understanding
> what default cache size should be used. And now it becomes less important
> with ticket introduction.
>

Total agreement there: I was not pushing for a default activating a cache,
but rather for the clean 'off' setting.​
---
*B. R.*
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: TLS session resumption (identifier)

2016-03-04 Thread Igor Sysoev 
On 04 Mar 2016, at 12:55, B.R.  wrote:

> On Fri, Mar 4, 2016 at 10:33 AM, Igor Sysoev  wrote:
>> But still, advertising something without actually supporting it must lead to 
>> cases where sessions reuse is believed to take place without ever happening, 
>> harming performance... that was probably happening in versions < 1.5.9.
> 
> I do not think that it should harm performance.
> 
> ​Oh yes it does​... I am surprised by your stance and I beg to differ.
> Having quite some load from many clients on a web-server delivering content 
> over HTTPS, it relieves a lot of pain to save CPU cycles by avoiding a full 
> handshake.
> When a client browses a website, (s)he will initiate many connections. Beyond 
> the first one (ones with multiplexing?), session reuse kicks in. Repeat that 
> for each client and sum all the saved CPU cycles. Even an improper 
> (non-scientific) benchmark will show you improvement.
> 
> Session reuse is part of the effort of optimizing TLS trafic to minimize its 
> overhead. Have a talk about it with the W3C webperf group if you wish, to 
> which Ilya Grigorik (participated at nginxconf 2014) belongs. Have a look at 
> his checklist too.​

Sorry, I meant there is no performance difference between “none” and “off” 
settings.

As to default value, builtin session cache was by default initially but it 
turned out that
it leads to memory fragmentation. So the default value has been changed to 
“off” and
later to “none”.

Of course shared cache is certainly better as default value but there is no 
good understanding
what default cache size should be used. And now it becomes less important with 
ticket introduction. 


-- 
Igor Sysoev
http://nginx.com

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: TLS session resumption (identifier)

2016-03-04 Thread B.R. 
On Fri, Mar 4, 2016 at 10:33 AM, Igor Sysoev  wrote:

> But still, advertising something without actually supporting it must lead
> to cases where sessions reuse is believed to take place without ever
> happening, harming performance... that was probably happening in versions <
> 1.5.9.
>
>
> I do not think that it should harm performance.
>

​Oh yes it does​... I am surprised by your stance and I beg to differ.
Having quite some load from many clients on a web-server delivering content
over HTTPS, it relieves a lot of pain to save CPU cycles by avoiding a full
handshake.
When a client browses a website, (s)he will initiate many connections.
Beyond the first one (ones with multiplexing?), session reuse kicks in.
Repeat that for each client and sum all the saved CPU cycles. Even an
improper (non-scientific) benchmark will show you improvement.

Session reuse is part of the effort of optimizing TLS trafic to minimize
its overhead. Have a talk about it with the W3C webperf group
 if you wish, to which Ilya Grigorik
(participated at nginxconf 2014) belongs. Have a look at his checklist
 too.​


> Giving the possibility to accomodate with Outlook (and Microsoft products
> in general) numerous quirks is fine, but making it the default is debatable…
>
>
> I believe this is safe default and clients should not rely on resumed
> sessions because
> 1) sessions have timeout defined by server security policy,
> 2) and server has limited session storage so old sessions are removed.
>

​Well, the mechanism behind TLS sessions is basically a trial-and-error​

​one.​ Even for tickets I would add, if the server changed its Master Key
between ticket creation and reuse.
There is little-to-no overhead at trying an expired session ID/ticket which
the client communicate in his initial message to the server. ID search in
cache or ticket invalidation requires few overhead resource and in case of
invalidation, normal protocol to initiate a new session resumes.

There is no guarantee a session exists, but there is everything to gain
from it if it does.​
---
*B. R.*
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: TLS session resumption (identifier)

2016-03-04 Thread B.R. 
Thanks Igor, that makes the whole thing crystal clear!

What saves us there is the fact that, if I understand it well, the RFC 5077
​ states the server
decides by itself on the use of tickets and those have precedence over
identifiers.
But still, advertising something without actually supporting it must lead
to cases where sessions reuse is believed to take place without ever
happening, harming performance... that was probably happening in versions <
1.5.9.

Giving the possibility to accomodate with Outlook (and Microsoft products
in general) numerous quirks is fine, but making it the default is
debatable... Maybe the docs should be more explicit about the reason of the
existence of 'none'? Code comments are clearer than the docs on this matter.
---
*B. R.*

On Thu, Mar 3, 2016 at 4:48 PM, Igor Sysoev  wrote:

>
> On 03 Mar 2016, at 18:42, B.R.  wrote:
>
> Thanks, Maxim.
>
> You were right: I did my tests improperly...
>
> What is the use of the 'none' value then? Should not there be only the
> 'off' one?
> There must be some benefit to it, but I fail to catch it.
>
>
> Initially it has been implemented for mail proxy module, but it seems that
> “none”
> is more graceful than “off” in general:
>
>/*
> * If the server explicitly says that it does not support
> * session reuse (see SSL_SESS_CACHE_OFF above), then
> * Outlook Express fails to upload a sent email to
> * the Sent Items folder on the IMAP server via a separate IMAP
> * connection in the background. Therefore we have a special
> * mode (SSL_SESS_CACHE_SERVER|SSL_SESS_CACHE_NO_INTERNAL_STORE)
> * where the server pretends that it supports session reuse,
> * but it does not actually store any session.
> */
>
> --
> Igor Sysoev
> http://nginx.com
>
> On Thu, Mar 3, 2016 at 2:29 PM, Maxim Dounin  wrote:
>
>> Hello!
>>
>> On Thu, Mar 03, 2016 at 12:42:55PM +0100, B.R. wrote:
>>
>> > Based on the default value of ssl_session_cache
>> > <
>> http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache
>> >,
>> > nginx does not store any session parameter, but allows client with the
>> > right Master Key to reuse their ID (and the parameters they got).
>> >
>> > Since nginx, does not cache anything and is thus unable to revalidate
>> > anything but the Master Key, isn't it a violation of the RFC not to
>> > validate all the parameters?
>>
>> You are misunderstanding what "ssl_session_cache none" does.  It
>> doesn't allow anything to be reused, just says so to clients.
>>
>> --
>> Maxim Dounin
>> http://nginx.org/
>>
>> ___
>> nginx mailing list
>> nginx@nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>
>
> ___
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: TLS session resumption (identifier)

2016-03-03 Thread Igor Sysoev 

On 03 Mar 2016, at 18:42, B.R.  wrote:

> Thanks, Maxim.
> 
> You were right: I did my tests improperly...
> 
> What is the use of the 'none' value then? Should not there be only the 'off' 
> one?
> There must be some benefit to it, but I fail to catch it.

Initially it has been implemented for mail proxy module, but it seems that 
“none”
is more graceful than “off” in general:

   /*
* If the server explicitly says that it does not support
* session reuse (see SSL_SESS_CACHE_OFF above), then
* Outlook Express fails to upload a sent email to
* the Sent Items folder on the IMAP server via a separate IMAP
* connection in the background. Therefore we have a special
* mode (SSL_SESS_CACHE_SERVER|SSL_SESS_CACHE_NO_INTERNAL_STORE)
* where the server pretends that it supports session reuse,
* but it does not actually store any session.
*/

-- 
Igor Sysoev
http://nginx.com

> On Thu, Mar 3, 2016 at 2:29 PM, Maxim Dounin  wrote:
> Hello!
> 
> On Thu, Mar 03, 2016 at 12:42:55PM +0100, B.R. wrote:
> 
> > Based on the default value of ssl_session_cache
> > ,
> > nginx does not store any session parameter, but allows client with the
> > right Master Key to reuse their ID (and the parameters they got).
> >
> > Since nginx, does not cache anything and is thus unable to revalidate
> > anything but the Master Key, isn't it a violation of the RFC not to
> > validate all the parameters?
> 
> You are misunderstanding what "ssl_session_cache none" does.  It
> doesn't allow anything to be reused, just says so to clients.
> 
> --
> Maxim Dounin
> http://nginx.org/
> 
> ___
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: TLS session resumption (identifier)

2016-03-03 Thread B.R. 
Thanks, Maxim.

You were right: I did my tests improperly...

What is the use of the 'none' value then? Should not there be only the
'off' one?
There must be some benefit to it, but I fail to catch it.
---
*B. R.*

On Thu, Mar 3, 2016 at 2:29 PM, Maxim Dounin  wrote:

> Hello!
>
> On Thu, Mar 03, 2016 at 12:42:55PM +0100, B.R. wrote:
>
> > Based on the default value of ssl_session_cache
> > <
> http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache>,
> > nginx does not store any session parameter, but allows client with the
> > right Master Key to reuse their ID (and the parameters they got).
> >
> > Since nginx, does not cache anything and is thus unable to revalidate
> > anything but the Master Key, isn't it a violation of the RFC not to
> > validate all the parameters?
>
> You are misunderstanding what "ssl_session_cache none" does.  It
> doesn't allow anything to be reused, just says so to clients.
>
> --
> Maxim Dounin
> http://nginx.org/
>
> ___
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: TLS session resumption (identifier)

2016-03-03 Thread Maxim Dounin 
Hello!

On Thu, Mar 03, 2016 at 12:42:55PM +0100, B.R. wrote:

> Based on the default value of ssl_session_cache
> ,
> nginx does not store any session parameter, but allows client with the
> right Master Key to reuse their ID (and the parameters they got).
> 
> Since nginx, does not cache anything and is thus unable to revalidate
> anything but the Master Key, isn't it a violation of the RFC not to
> validate all the parameters?

You are misunderstanding what "ssl_session_cache none" does.  It 
doesn't allow anything to be reused, just says so to clients.

-- 
Maxim Dounin
http://nginx.org/

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx