Hello,
LibreSSL enables the use of the TLS session ticket extension [RFC 5077,
or, according to comments in source code its older version 4507] by
default, and libtls currently doesn't provide an API call for disabling
this feature.
Consequently, OpenBSD's httpd has TLS session tickets enabled by default
and doesn't provide an option to turn this TLS extension off. Moreover,
there's currently no way to provide a specific policy with regard to the
use of TLS session tickets (e.g., lifetime of the corresponding secret
key which is used for encrypting all session tickets, the encryption
scheme for session tickets etc).
Since the use of TLS session tickets potentially interferes with forward
secrecy on a per-session basis, I'd personally prefer an opt-in in
libtls as well as in httpd with regard to its usage. However, such a
semantic change would not be transparent. Any opinions on this?
As a first step, the attached diff adds a function to libtls
which allows callers to (optionally) disable the use of TLS session tickets.
Best regards
Andreas
Index: src/lib/libtls/tls.h
===================================================================
RCS file: /cvs/src/lib/libtls/tls.h,v
retrieving revision 1.33
diff -u -p -u -r1.33 tls.h
--- src/lib/libtls/tls.h 12 Aug 2016 15:10:59 -0000 1.33
+++ src/lib/libtls/tls.h 21 Aug 2016 15:08:32 -0000
@@ -41,6 +41,9 @@ extern "C" {
#define TLS_WANT_POLLIN -2
#define TLS_WANT_POLLOUT -3
+#define TLS_SESSION_TICKETS_DISABLE 0
+#define TLS_SESSION_TICKETS_ENABLE 1
+
struct tls;
struct tls_config;
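Review bot: The two constants added after `TLS_WANT_POLLOUT` become part of the public tls.h interface, yet no public function in this diff accepts them. The only setter, `tls_config_disable_session_tickets`, takes no value, and the constants are read only inside the library (tls_config.c and tls_server.c). Defining them in tls_internal.h next to the new `session_tickets` field would avoid committing to exported names that callers cannot pass anywhere. If they are meant to stay public for a later setter, a comment such as `/* values of the session ticket setting; not yet an argument to any API call */` would record that.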
@@ -73,6 +76,8 @@ int tls_config_set_keypair_mem(struct tl
size_t _cert_len, const uint8_t *_key, size_t _key_len);
void tls_config_set_protocols(struct tls_config *_config, uint32_t _protocols);
void tls_config_set_verify_depth(struct tls_config *_config, int _verify_depth);
+
+void tls_config_disable_session_tickets(struct tls_config *_config);
void tls_config_prefer_ciphers_client(struct tls_config *_config);
void tls_config_prefer_ciphers_server(struct tls_config *_config);
Index: src/lib/libtls/tls_config.c
===================================================================
RCS file: /cvs/src/lib/libtls/tls_config.c,v
retrieving revision 1.27
diff -u -p -u -r1.27 tls_config.c
--- src/lib/libtls/tls_config.c 13 Aug 2016 13:15:53 -0000 1.27
+++ src/lib/libtls/tls_config.c 21 Aug 2016 15:08:32 -0000
@@ -193,6 +193,8 @@ tls_config_new(void)
tls_config_set_protocols(config, TLS_PROTOCOLS_DEFAULT);
tls_config_set_verify_depth(config, 6);
+ config->session_tickets = TLS_SESSION_TICKETS_ENABLE;
+
tls_config_prefer_ciphers_server(config);
tls_config_verify(config);
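Review bot: The assignment added in tls_config_new keeps session tickets on for every new config, and because `TLS_SESSION_TICKETS_DISABLE` is 0 this one line is what separates the default from the disabled state; the code records neither fact. A comment above it, for example `/* Tickets stay enabled by default to preserve existing behaviour; 0 means disabled. */`, would keep a later reordering or removal from silently changing the default. tls_config_new starts and ends outside this hunk, so how the structure is allocated is not visible here.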
@@ -524,6 +526,12 @@ void
tls_config_set_verify_depth(struct tls_config *config, int verify_depth)
{
config->verify_depth = verify_depth;
+}
+
+void
+tls_config_disable_session_tickets(struct tls_config *config)
+{
+ config->session_tickets = TLS_SESSION_TICKETS_DISABLE;
}
void
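Review bot: `tls_config_disable_session_tickets` is added without any description of its effect. The function carries no comment, and the tls_init.3 hunks in this diff add only the `.Nm` and `.Fn` entries, with no explanatory text. I would add a comment such as `/* Stop servers built from this config from issuing RFC 5077 session tickets. */` and a matching sentence in the manual page. Both should say that the call has to be made before the config is applied to a context, assuming the option is read only at server setup as the tls_server.c hunk suggests.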
Index: src/lib/libtls/tls_init.3
===================================================================
RCS file: /cvs/src/lib/libtls/tls_init.3,v
retrieving revision 1.66
diff -u -p -u -r1.66 tls_init.3
--- src/lib/libtls/tls_init.3 18 Aug 2016 15:43:12 -0000 1.66
+++ src/lib/libtls/tls_init.3 21 Aug 2016 15:08:32 -0000
@@ -39,6 +39,7 @@
.Nm tls_config_set_keypair_mem ,
.Nm tls_config_set_protocols ,
.Nm tls_config_set_verify_depth ,
+.Nm tls_config_disable_session_tickets ,
.Nm tls_config_prefer_ciphers_client ,
.Nm tls_config_prefer_ciphers_server ,
.Nm tls_config_clear_keys ,
@@ -119,6 +120,8 @@
.Fn tls_config_set_protocols "struct tls_config *config" "uint32_t protocols"
.Ft "void"
.Fn tls_config_set_verify_depth "struct tls_config *config" "int verify_depth"
+.Ft "void"
+.Fn tls_config_disable_session_tickets "struct tls_config *config"
.Ft "void"
.Fn tls_config_prefer_ciphers_client "struct tls_config *config"
.Ft "void"
Index: src/lib/libtls/tls_internal.h
===================================================================
RCS file: /cvs/src/lib/libtls/tls_internal.h,v
retrieving revision 1.39
diff -u -p -u -r1.39 tls_internal.h
--- src/lib/libtls/tls_internal.h 15 Aug 2016 15:44:58 -0000 1.39
+++ src/lib/libtls/tls_internal.h 21 Aug 2016 15:08:32 -0000
@@ -64,6 +64,7 @@ struct tls_config {
int ecdhecurve;
struct tls_keypair *keypair;
uint32_t protocols;
+ int session_tickets;
int verify_cert;
int verify_client;
int verify_depth;
Index: src/lib/libtls/tls_server.c
===================================================================
RCS file: /cvs/src/lib/libtls/tls_server.c,v
retrieving revision 1.24
diff -u -p -u -r1.24 tls_server.c
--- src/lib/libtls/tls_server.c 18 Aug 2016 15:52:03 -0000 1.24
+++ src/lib/libtls/tls_server.c 21 Aug 2016 15:08:32 -0000
@@ -113,6 +113,9 @@ tls_configure_server_ssl(struct tls *ctx
if (ctx->config->ciphers_server == 1)
SSL_CTX_set_options(*ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
+ if (ctx->config->session_tickets == TLS_SESSION_TICKETS_DISABLE)
+ SSL_CTX_set_options(*ssl_ctx, SSL_OP_NO_TICKET);
+
/*
* Set session ID context to a random value. We don't support
* persistent caching of sessions so it is OK to set a temporary
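Review bot: The new check in tls_configure_server_ssl is the only place in this diff where `session_tickets` is consulted, so a client context built from the same `tls_config` would, as far as the diff shows, still offer the session ticket extension. Since the setter lives on the shared config type, either the client setup path should apply `SSL_OP_NO_TICKET` under the same condition or the documentation should state that the setting is server-only. The documentation should also say that this turns off tickets only; whether session-ID resumption from an in-memory server cache remains possible is not visible here. tls_configure_server_ssl begins and ends outside the hunk.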