Opened 5 years ago
#1892 new defect
TLSv1.3 session resumption - session tickets renewing
| Reported by: | | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | nginx-core | Version: | 1.16.x |
| Keywords: | TLS | Cc: | |
| uname -a: | Linux a974b548d355 5.3.0-1-amd64 #1 SMP Debian 5.3.7-1 (2019-10-19) x86_64 x86_64 x86_64 GNU/Linux | | |

nginx -V:
```
nginx version: nginx/1.16.1 (nginx)
built by gcc 7.3.1 20180303 (Red Hat 7.3.1-5) (GCC)
built with OpenSSL 1.1.1c  28 May 2019
TLS SNI support enabled
configure arguments: --with-ld-opt=-Wl,-rpath,/usr/lib64 --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-http_geoip_module=dynamic --with-threads --with-stream --with-stream_ssl_module --with-http_slice_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-libatomic --with-openssl=../openssl --with-pcre=../pcre --with-pcre-jit --with-http_v2_hpack_enc --with-compat --add-module=../ngx_devel_kit --add-module=../headersmore --add-dynamic-module=../pushstream --add-module=../lua --add-module=../stream-lua --add-module=../nginx-module-vts --add-module=../nginx-auth-ldap --add-module=../nginx-module-sts --add-module=../nginx-module-stream-sts --add-module=../ngx_brotli --add-module=../nginx_upstream_check_module --add-dynamic-module=../ngx_aws_auth --add-dynamic-module=../nginx-module-opentracing/opentracing --add-dynamic-module=../nginx-rtmp-module --with-http_v2_module --with-cc-opt='-O3 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mmmx -msse -msse2 -DTCP_FASTOPEN=23 -Wno-error=strict-aliasing' --with-openssl-opt='no-ssl3 no-dtls no-rc5 enable-weak-ssl-ciphers' --build=nginx --with-debug
```
Description
When using TLSv1.3, session tickets are not renewed while decrypting tickets, and session resumption works only for two requests, because this is the default number of issued tickets.
On the contrary, the default session ticket handler in OpenSSL (used when no callbacks were registered via SSL_CTX_set_tlsext_ticket_key_cb) renews the session ticket whenever a ticket is decrypted when TLSv1.3 is in use.
Nginx provides its own ticket callback and renews the session ticket only when the client came with a ticket encrypted with an expired key (ssl_session_ticket_key rotated).
I believe ngx_ssl_session_ticket_key_callback should return 2 not only when an expired key was used, but also when TLSv1.3 is in use.
Simple working solution (not taking into account future TLS versions):
--- nginx-1.16.1-orig/src/event/ngx_event_openssl.c 2019-11-08 12:59:34.026387380 +0100 +++ nginx-1.16.1/src/event/ngx_event_openssl.c 2019-11-18 11:48:24.872995156 +0100 @@ -4138,7 +4222,8 @@ return -1; } - return (i == 0) ? 1 : 2 /* renew */; + // renew ticket when using TLSv1.3 or ticket was encrypted with expired key + return (i > 0 || ngx_strcmp(SSL_get_version(ssl_conn), "TLSv1.3") == 0) ? 2 /* renew */ : 1; } }
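Review bot: the new return line detects TLSv1.3 by running ngx_strcmp() over the display string from SSL_get_version(), which is exactly the "future TLS versions" gap the description admits: any later protocol version will silently fall back to the old non-renewing behaviour. Suggest comparing the numeric protocol version instead, `SSL_version(ssl_conn) >= TLS1_3_VERSION`, wrapped in `#ifdef TLS1_3_VERSION` so the file still builds against OpenSSL libraries that predate TLSv1.3, and using a `/* ... */` comment rather than `//`, matching the adjacent `/* renew */` comment and the rest of ngx_event_openssl.c. Note also that the hunk header `@@ -4138,7 +4222,8 @@` puts the new side 84 lines later than the old side for a one-line addition, so the diff was taken against a locally modified tree and may not apply cleanly to stock 1.16.1 sources.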
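As an added check that is not part of this ticket or of nginx: the Go program below opens several consecutive TLSv1.3 connections through one shared client session cache and reports, per connection, whether the handshake was resumed from a ticket. Pointed at a server whose ticket callback answers 1 (no renewal) on resumed handshakes, the report turns back to false once the initially issued tickets are used up, which is the symptom described above; Go's own server renews a ticket on every handshake, so against the bundled loopback server every connection after the first resumes. The loopback server, its constructed self-signed certificate, and the function names ProbeResumption and localServer are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// ProbeResumption opens n consecutive TLS 1.3 connections to addr with one
// shared client session cache and reports, per connection, whether the
// handshake was resumed from a ticket. Point it at any TLS server (cfg carries
// the trust settings); a server that stops issuing tickets on resumed
// handshakes shows false again once its initial tickets are exhausted.
func ProbeResumption(addr string, cfg *tls.Config, n int) ([]bool, error) {
	if cfg == nil {
		cfg = &tls.Config{}
	}
	cfg = cfg.Clone()
	cfg.MinVersion = tls.VersionTLS13 // the behaviour under test is TLSv1.3-specific
	if cfg.ClientSessionCache == nil {
		cfg.ClientSessionCache = tls.NewLRUClientSessionCache(8)
	}
	resumed := make([]bool, 0, n)
	for i := 0; i < n; i++ {
		conn, err := tls.Dial("tcp", addr, cfg)
		if err != nil {
			return resumed, err
		}
		resumed = append(resumed, conn.ConnectionState().DidResume)
		// NewSessionTicket is a post-handshake message in TLS 1.3 and the Go
		// client only processes it while reading, so drain the connection or
		// the next dial would have no ticket to offer.
		io.Copy(io.Discard, conn)
		conn.Close()
	}
	return resumed, nil
}

// localServer starts a TLS 1.3 server on the loopback interface with a
// constructed self-signed certificate (assumption of this example) so the
// probe can run offline. It returns the address, a client config that trusts
// the certificate, and a function that stops the server.
func localServer() (string, *tls.Config, func(), error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "localhost"},
		DNSNames:              []string{"localhost"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return "", nil, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return "", nil, nil, err
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}},
		MinVersion:   tls.VersionTLS13,
	})
	if err != nil {
		return "", nil, nil, err
	}
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return // listener closed by the stop function
			}
			go func(c net.Conn) {
				c.Write([]byte("ok\n")) // Write performs the handshake
				c.Close()               // clean close_notify, client sees EOF
			}(c)
		}
	}()
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	cli := &tls.Config{RootCAs: pool, ServerName: "localhost"}
	return ln.Addr().String(), cli, func() { ln.Close() }, nil
}

func main() {
	addr, cli, stop, err := localServer()
	if err != nil {
		panic(err)
	}
	defer stop()
	report, err := ProbeResumption(addr, cli, 5)
	if err != nil {
		panic(err)
	}
	fmt.Println("resumed per connection:", report)
}
```

To check a real server, replace localServer() with the server's address and a client config that trusts its certificate (or that sets ServerName to the expected hostname); a run where the third and later entries read false while the first two resumed reproduces the two-request limit reported above.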