
Bug#762619: apache2: Don't let TLS session tickets botch PFS



On Tue, Sep 23, 2014 at 10:41:49PM +0200, Stefan Fritsch wrote:
> On Tuesday 23 September 2014 20:30:04, Rodrigo Campos wrote:
> > I tried to do some tests to see if maybe a reload was enough
> > (doesn't cause downtime :)) to re-generate the randomly generated
> > session ticket key at startup.  But let me be very clear about
> > this: I'm not a security expert (far from that), nor do I have any deep
> > knowledge of TLS, session resumption, etc. I just did some tests,
> > and I'm not 100% sure what they mean.
> 
> Yes, a graceful reload is enough to generate a new session ticket key. 
> See http://mail-archives.apache.org/mod_mbox/httpd-dev/201309.mbox/%3C52248C40.7070206%40opensslfoundation.com%3E

Ohh, I didn't find that. Thanks!

But well, that email says that with that setup it did. As it did with mine. And
reading the thread I didn't see anybody saying that it will in all mpms and
configurations. They do say, though, that "if a graceful restart frees
up and reallocates the SSL_CTX structure" it will (here[1]), but I didn't
check the code to see if this is the case independently of the mpm or configs.

Are you sure it always will?

> 
> This means that in the default configuration in wheezy, the session 
> ticket key is kept for one week. That is not optimal, but IMHO it is 
> not a severe problem either.

Not sure if it is a severe problem or not, but it is something worth mentioning in
README.Debian IMHO.

> 
> In 2.4.10-2, the log rotation has been changed from weekly to daily 
> which gives some improvement.

Nice. But in 2.4 you can turn off session tickets entirely, so it's less of a
problem (although worth mentioning too if that is not the default config IMHO).

Thanks a lot,
Rodrigo


[1]: https://mail-archives.apache.org/mod_mbox/httpd-dev/201309.mbox/%3C522339E0.2040005@opensslfoundation.com%3E