Opened 8 years ago

Closed 23 months ago

#927 closed enhancement (wontfix)

Set $ssl_session_reused to "t" for session ticket reuse and set $ssl_session_id with session tickets

Reported by: Neil Craig Owned by:
Priority: minor Milestone:
Component: nginx-module Version: 1.9.x
Keywords: tls session ticket variable ssl Cc:
uname -a: Linux ip-10-13-145-208 3.10.0-327.10.1.el7.x86_64 #1 SMP Tue Feb 16 17:03:50 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.9.12
built with OpenSSL 1.0.2g 1 Mar 2016
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/current/nginx.conf --pid-path=/var/run/ --error-log-path=/var/log/nginx/default-error.log --http-log-path=/var/log/nginx/default-access.log --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=gtmdaemon --group=gtmdaemon --with-http_realip_module --with-http_v2_module --with-http_ssl_module --with-http_geoip_module --with-http_image_filter_module --with-pcre-jit --with-ipv6 --with-file-aio --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic' --add-module=/tmp/tmpTahEEN/BUILD/nginx-1.9.12/headers-more-nginx-module --add-module=/tmp/tmpTahEEN/BUILD/nginx-1.9.12/naxsi/naxsi_src --add-module=/tmp/tmpTahEEN/BUILD/nginx-1.9.12/nginx-module-vts --with-openssl=/tmp/tmpTahEEN/BUILD/nginx-1.9.12/openssl-1.0.2g



I've got an NGINX setup which offers TLS session tickets which work just fine but i only found that out after a bit of digging because my access logging which logs $ssl_session_reused and $ssl_session_id showed nothing for either value and thus I thought session tickets were not working.

So, i'd like to ask if it's possible to perhaps extend/set as follows under session tickets:
$ssl_session_reused to "t" when session tickets are in use
$ssl_session_id to the session ticket ID

This would enable me and others to log (etc.) session ticket usage, otherwise it's a bit of blind faith.

It'd also be really nice to note in the docs ( the current info is for the 1st gen server-side TLS sessions as i think it's perhaps a bit too implicit currently.


Change History (5)

comment:1 by Maxim Dounin, 8 years ago

When using session tickets, there is such thing as "session ticket id" - tickets are just encrypted data. Session ID as available after a session is resumed using a ticket is an ID generated by the client, see RFC 5077:

   When presenting a ticket, the client MAY generate and include a
   Session ID in the TLS ClientHello.  If the server accepts the ticket
   and the Session ID is not empty, then it MUST respond with the same
   Session ID present in the ClientHello.  This allows the client to
   easily differentiate when the server is resuming a session from when
   it is falling back to a full handshake.  Since the client generates a
   Session ID, the server MUST NOT rely upon the Session ID having a
   particular value when validating the ticket.  If a ticket is
   presented by the client, the server MUST NOT attempt to use the
   Session ID in the ClientHello for stateful session resumption.
   Alternatively, the client MAY include an empty Session ID in the
   ClientHello.  In this case, the client ignores the Session ID sent in
   the ServerHello and determines if the server is resuming a session by
   the subsequent handshake messages.

As this ID is generated by a client when presenting a ticket, it is not available during first connection. Note that it may also not be available during subsequent connections, or be different in different connections.

In either case $ssl_session_reused will correctly show if session is reused or not (either using session cache or session tickets).

You can easily check if session tickets work using openssl s_client, e.g.:

$ openssl s_client -connect -reconnect
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 54 d2 3e 3b 32 c5 cd 1c-91 d8 4d 7a 7c 9d 24 f8   T.>;2.....Mz|.$.
    0010 - 4b 78 0c 3d 3f 20 ac aa-44 bb a7 ee 89 19 1f a7   Kx.=? ..D.......
drop connection and then reconnect
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 54 d2 3e 3b 32 c5 cd 1c-91 d8 4d 7a 7c 9d 24 f8   T.>;2.....Mz|.$.
    0010 - 4b 78 0c 3d 3f 20 ac aa-44 bb a7 ee 89 19 1f a7   Kx.=? ..D.......

It may make sense to introduce additional information to make it possible to find out if a session was reused using session tickets or session cache (and additional value in the $ssl_session_reused variables looks like a good solution). But an API to do this, SSL_SESSION_has_ticket(), is only available in OpenSSL 1.1.0, which is not yet released. And finding this in at least some previous versions would not be possible with OPENSSL_NO_SSL_INTERN defined.

comment:2 by Neil Craig, 8 years ago

Apologies for the delay in response, i was assuming i'd get an email.

WRT session ID, i'd seen that in the openssl s_client output - understood.

WRT session_reuse - it would be massively helpful to have an indicator in the $ssl_session_reuse var as we'll have a large number of NGINX servers and thus checking them via openssl or similar is not practical in a trivial manner, also it would be extremely useful as a reporting metric in access logs (i am logging this value already). Perhaps it'd be possible to add this conditionally on the underlying SSL lib supporting it?


comment:3 by Neil Craig, 8 years ago

Hi again

Just wondered if the above might be worth looking at now that NGINX compiles against openssl 1.1.


comment:4 by Maxim Dounin, 8 years ago

Keywords: ssl added

comment:5 by Maxim Dounin, 23 months ago

Resolution: wontfix
Status: newclosed

I've looked into this in more detail, and it turns out I was wrong: SSL_SESSION_has_ticket() only works on client side of an SSL connection, and cannot be used to distinguish session resumption based on session cache or session tickets on the server. It does not look like there is an easy way to distinguish different ways of session resumption on the server.

Given that tickets are supported by all major clients, and TLSv1.3 essentially makes tickets support mandatory, trying to implement this without readily available interfaces in the SSL libraries probably does not worth the effort.

Note: See TracTickets for help on using tickets.