Opened 3 weeks ago

#1892 new defect

TLSv1.3 session resumption - session tickets renewing

Reported by: bartebor@… Owned by:
Priority: minor Milestone:
Component: nginx-core Version: 1.16.x
Keywords: TLS Cc:
uname -a: Linux a974b548d355 5.3.0-1-amd64 #1 SMP Debian 5.3.7-1 (2019-10-19) x86_64 x86_64 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.16.1 (nginx) built by gcc 7.3.1 20180303 (Red Hat 7.3.1-5) (GCC) built with OpenSSL 1.1.1c 28 May 2019 TLS SNI support enabled configure arguments: --with-ld-opt=-Wl,-rpath,/usr/lib64 --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-http_geoip_module=dynamic --with-threads --with-stream --with-stream_ssl_module --with-http_slice_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-libatomic --with-openssl=../openssl --with-pcre=../pcre --with-pcre-jit --with-http_v2_hpack_enc --with-compat --add-module=../ngx_devel_kit --add-module=../headersmore --add-dynamic-module=../pushstream --add-module=../lua --add-module=../stream-lua --add-module=../nginx-module-vts --add-module=../nginx-auth-ldap --add-module=../nginx-module-sts --add-module=../nginx-module-stream-sts --add-module=../ngx_brotli --add-module=../nginx_upstream_check_module --add-dynamic-module=../ngx_aws_auth --add-dynamic-module=../nginx-module-opentracing/opentracing --add-dynamic-module=../nginx-rtmp-module --with-http_v2_module --with-cc-opt='-O3 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mmmx -msse -msse2 -DTCP_FASTOPEN=23 -Wno-error=strict-aliasing' --with-openssl-opt='no-ssl3 no-dtls no-rc5 enable-weak-ssl-ciphers' --build=nginx --with-debug

Description

When using TLSv1.3, sessions tickets are not renewed while decrypting tickets and session resumption works only for two requests, because this is the default number of issued tickets.

On the contrary, default session ticket handler in openssl (used when no callbacks were registered via SSL_CTX_set_tlsext_ticket_key_cb) renews session ticket whenever ticket is decrypted when TLSv1.3 is in use.

Nginx provides its own ticket callback and renews session ticket only when client came with a ticket encrypted with an expired key (ssl_session_ticket_key rotated).

I believe ngx_ssl_session_ticket_key_callback should return 2 not only when expired key was used, but also when TLSv1.3 is in use.

Simple working solution (not taking into account future TLS versions):

--- nginx-1.16.1-orig/src/event/ngx_event_openssl.c     2019-11-08 12:59:34.026387380 +0100
+++ nginx-1.16.1/src/event/ngx_event_openssl.c  2019-11-18 11:48:24.872995156 +0100
@@ -4138,7 +4222,8 @@
             return -1;
         }
 
-        return (i == 0) ? 1 : 2 /* renew */;
+        // renew ticket when using TLSv1.3 or ticket was encrypted with expired key
+        return (i > 0 || ngx_strcmp(SSL_get_version(ssl_conn), "TLSv1.3") == 0) ? 2 /* renew */ : 1;
     }
 }
 

Change History (0)

Note: See TracTickets for help on using tickets.