Re: mod_ssl SSL session timeout
On 15.06.2014 09:51, Kaspar Brand wrote:
> On 14.06.2014 12:53, Rainer Jung wrote:
>
> I'm slightly in favor of the latter, i.e. something like
>
>   SSL_CTX_set_timeout(sc->server->ssl_ctx,
>       sc->session_cache_timeout == UNSET ?
>           SSL_SESSION_CACHE_TIMEOUT : sc->session_cache_timeout);
>
> (As a side effect, this would also make sure that the timeout for TLS
> session tickets is 300 seconds for all SSLProtocol settings, if
> SSLSessionCacheTimeout is not explicitly configured.)

Applied to trunk together with a small docs extension in r1610311.
Proposed for backport.

Regards,

Rainer
Re: mod_ssl SSL session timeout
On 14.06.2014 12:53, Rainer Jung wrote: > SSL_CTX_set_timeout() seems to work pretty well. Indeed. I missed the fact that after the ticket has been decrypted/processed, there's a timeout check in ssl_sess.c:ssl_get_prev_session(), based on the SSL_SESSION's "time" value, which is the timestamp of its creation. SSL_CTX_set_timeout() adjusts the default value for SSL sessions created by ssl_sess.c:ssl_get_new_session(). Right now, mod_ssl relies on the builtin OpenSSL defaults, which are somewhat inconsistent: - if SSLProtocol specifies multiple protocols, the default timeout for TLS session tickets is 300 seconds - if SSLProtocol only specifies one of "TLSv1", "TLSv1.1", or "TLSv1.2", the default timeout for session tickets is 7200 seconds > In addition to the usual directive management lines, the patch should be > as simple as > > Index: modules/ssl/ssl_engine_init.c > === > --- modules/ssl/ssl_engine_init.c (revision 1593916) > +++ modules/ssl/ssl_engine_init.c (working copy) > @@ -1365,6 +1365,8 @@ > } > #endif > > +SSL_CTX_set_timeout(sc->server->ssl_ctx, sc->server->session_timeout); > + > return APR_SUCCESS; > } > > where sc->server->session_timeout is the new configuration item (if we > do not stick to the existing cache timeout). I'm slightly in favor of the latter, i.e. something like SSL_CTX_set_timeout(sc->server->ssl_ctx, sc->session_cache_timeout == UNSET ? SSL_SESSION_CACHE_TIMEOUT : sc->session_cache_timeout); (As a side effect, this would also make sure that the timeout for TLS session tickets is 300 seconds for all SSLProtocol settings, if SSLSessionCacheTimeout is not explicitly configured.) Kaspar
Re: mod_ssl SSL session timeout
On 14.06.2014 11:44, Rainer Jung wrote: > On 14.06.2014 10:23, Kaspar Brand wrote: >> On 13.06.2014 16:55, Rainer Jung wrote: >>> Now since a long time most clients do no longer rely on the server >>> caching the sessions. Instead they use TLS session resumption (RFC >>> 5077). >> >> "without server-side state"/"stateless" is actually the important term >> from this RFC (session resumption is a standard protocol feature). >> >>> Currently mod_ssl does not provide a way to control the time how long >>> such a ticket may be used by the client. As far as I can see, there is >>> no specific API in OpenSSL for that, but there is a general API allowing >>> to set a session timeout that is checked whenever a session is >>> reconstructed. >> >> What OpenSSL function do you have in mind? SSL_SESSION_set_timeout? > > I was hoping SSL_CTX_set_timeout() would do the trick. > >> AFAICT, t1_lib.c:tls_decrypt_ticket simply restores the (relative) >> timeout for the SSL_SESSION, which is set to 5 minutes by default... but >> if I'm understanding correctly, you are concerned about clients reusing >> "old" tickets, is that correct? (If so, then I guess there's currently >> no other way than switching to a new ticket encryption key, see also [1]). > > Yes that's my concern. I will give SSL_CTX_set_timeout() a try over the > weekend. SSL_CTX_set_timeout() seems to work pretty well. I tested with Firefox 30 as client using TLS 1.2 and verifying that the server side cache was not used. As soon as the new timeout is over (delta to the creation time of the session), resumption fails and a new session is created. In addition to the usual directive management lines, the patch should be as simple as Index: modules/ssl/ssl_engine_init.c === --- modules/ssl/ssl_engine_init.c (revision 1593916) +++ modules/ssl/ssl_engine_init.c (working copy) 
@@ -1365,6 +1365,8 @@ } #endif +SSL_CTX_set_timeout(sc->server->ssl_ctx, sc->server->session_timeout); + return APR_SUCCESS; } where sc->server->session_timeout is the new configuration item (if we do not stick to the existing cache timeout). >> Kaspar >> >> [1] >> https://mail-archives.apache.org/mod_mbox/httpd-dev/201308.mbox/%3C2013082727.GA7331%40redhat.com%3E >> or >> https://mail-archives.apache.org/mod_mbox/httpd-dev/201309.mbox/%3C52248C40.7070206%40opensslfoundation.com%3E Rainer
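Review bot: the added SSL_CTX_set_timeout() call just before `return APR_SUCCESS;` passes sc->server->session_timeout straight through, with no check for the directive not having been configured. If the new field can still hold an unset sentinel at this point, that value becomes the context's session timeout; fall back to a default when it is unset, as the follow-up in this thread does with `sc->session_cache_timeout == UNSET ? SSL_SESSION_CACHE_TIMEOUT : sc->session_cache_timeout`. The call also sits after the `#endif`, so it runs whether or not the preceding conditional block is compiled in; a one-line comment saying that the value bounds resumption of sessions that are not cached server side would document that intent.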
Re: mod_ssl SSL session timeout
On 14.06.2014 10:23, Kaspar Brand wrote:
> On 13.06.2014 16:55, Rainer Jung wrote:
>> Now since a long time most clients do no longer rely on the server
>> caching the sessions. Instead they use TLS session resumption (RFC
>> 5077).
>
> "without server-side state"/"stateless" is actually the important term
> from this RFC (session resumption is a standard protocol feature).
>
>> Currently mod_ssl does not provide a way to control the time how long
>> such a ticket may be used by the client. As far as I can see, there is
>> no specific API in OpenSSL for that, but there is a general API allowing
>> to set a session timeout that is checked whenever a session is
>> reconstructed.
>
> What OpenSSL function do you have in mind? SSL_SESSION_set_timeout?

I was hoping SSL_CTX_set_timeout() would do the trick.

> AFAICT, t1_lib.c:tls_decrypt_ticket simply restores the (relative)
> timeout for the SSL_SESSION, which is set to 5 minutes by default... but
> if I'm understanding correctly, you are concerned about clients reusing
> "old" tickets, is that correct? (If so, then I guess there's currently
> no other way than switching to a new ticket encryption key, see also [1]).

Yes that's my concern. I will give SSL_CTX_set_timeout() a try over the
weekend.

> Kaspar
>
> [1]
> https://mail-archives.apache.org/mod_mbox/httpd-dev/201308.mbox/%3C2013082727.GA7331%40redhat.com%3E
> or
> https://mail-archives.apache.org/mod_mbox/httpd-dev/201309.mbox/%3C52248C40.7070206%40opensslfoundation.com%3E

Regards,

Rainer
Re: mod_ssl SSL session timeout
On 13.06.2014 16:55, Rainer Jung wrote:
> Now since a long time most clients do no longer rely on the server
> caching the sessions. Instead they use TLS session resumption (RFC
> 5077).

"without server-side state"/"stateless" is actually the important term
from this RFC (session resumption is a standard protocol feature).

> Currently mod_ssl does not provide a way to control the time how long
> such a ticket may be used by the client. As far as I can see, there is
> no specific API in OpenSSL for that, but there is a general API allowing
> to set a session timeout that is checked whenever a session is
> reconstructed.

What OpenSSL function do you have in mind? SSL_SESSION_set_timeout?

AFAICT, t1_lib.c:tls_decrypt_ticket simply restores the (relative)
timeout for the SSL_SESSION, which is set to 5 minutes by default... but
if I'm understanding correctly, you are concerned about clients reusing
"old" tickets, is that correct? (If so, then I guess there's currently
no other way than switching to a new ticket encryption key, see also [1]).

Kaspar

[1]
https://mail-archives.apache.org/mod_mbox/httpd-dev/201308.mbox/%3C2013082727.GA7331%40redhat.com%3E
or
https://mail-archives.apache.org/mod_mbox/httpd-dev/201309.mbox/%3C52248C40.7070206%40opensslfoundation.com%3E
Re: mod_ssl SSL session timeout
On Fri, Jun 13, 2014 at 5:19 PM, Eric Covener wrote:
> On Fri, Jun 13, 2014 at 11:03 AM, Plüm, Rüdiger, Vodafone Group
> wrote:
>>> I would prefer to keep SSLSessionCacheTimeout the only directive and use
>>> that also for the default timeout of any created session even if not
>>> cached server side. Second best IMHO would be a separate
>>
>> +1 to this
>>
>>> SSLSessionTimeout, which would be implemented totally independent of
>>> SSLSessionCacheTimeout.
>>>
>>
>> Only +0 here.
>
> +1

+1
Re: mod_ssl SSL session timeout
On Fri, Jun 13, 2014 at 11:03 AM, Plüm, Rüdiger, Vodafone Group wrote:
>> I would prefer to keep SSLSessionCacheTimeout the only directive and use
>> that also for the default timeout of any created session even if not
>> cached server side. Second best IMHO would be a separate
>
> +1 to this
>
>> SSLSessionTimeout, which would be implemented totally independent of
>> SSLSessionCacheTimeout.
>>
>
> Only +0 here.

+1

--
Eric Covener
