NGINX SSL Session Ticket Key

Hi!

Recently nginx implemented support for ssl_session_ticket_key, allowing one to set up key(s) for SSL ticket encryption explicitly. This is useful when multiple nginx servers must share the same set of keys in order for any server to accept tickets issued by any other server.

The key file is an opaque 48-byte-long blob. Internally this data is partitioned as follows (ngx_ssl_ticket_session_keys, ngx_event_openssl.c):

a key name (16 bytes)
encryption key (16 bytes)
hmac key (16 bytes)

Without nginx customization OpenSSL partitions the key data another way (ssl3_ctx_ctrl in openssl):

a key name (16 bytes)
hmac key (16 bytes)
encryption key (16 bytes)

This creates a certain compatibility issue. Though I didn't verify it, presumably Apache's mod_ssl isn't going to understand nginx SSL session tickets even though both servers are using OpenSSL.

I think it would be better if nginx didn't invent its own ticket key format but used the format defined by OpenSSL instead.

Best Regards.
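As an added illustration (not code from nginx, OpenSSL or the poster), the script below splits a 48-byte ticket key file both ways described above, converts between the two layouts, and shows why a reader using the other layout fails to verify a ticket's MAC. It assumes HMAC-SHA256 over the key name and ticket body, a simplification of the real ticket MAC; the sample key bytes are constructed.

```python
"""Partition a 48-byte TLS session ticket key file the nginx way and the OpenSSL way."""
import hashlib
import hmac
import os
from typing import NamedTuple, Optional


class TicketKey(NamedTuple):
    name: bytes      # 16-byte key name, sent in the clear at the start of every ticket
    aes_key: bytes   # 16-byte AES-128 key used to encrypt the session state
    hmac_key: bytes  # 16-byte key used to authenticate the ticket


def _check(blob: bytes) -> None:
    if len(blob) != 48:
        raise ValueError("ticket key file must be exactly 48 bytes, got %d" % len(blob))


def parse_nginx_layout(blob: bytes) -> TicketKey:
    """nginx (ngx_event_openssl.c): key name | encryption key | hmac key."""
    _check(blob)
    return TicketKey(blob[0:16], blob[16:32], blob[32:48])


def parse_openssl_layout(blob: bytes) -> TicketKey:
    """OpenSSL (ssl3_ctx_ctrl): key name | hmac key | encryption key."""
    _check(blob)
    return TicketKey(blob[0:16], blob[32:48], blob[16:32])


def nginx_to_openssl(blob: bytes) -> bytes:
    """Rewrite an nginx key file so an OpenSSL-layout reader gets the same keys."""
    k = parse_nginx_layout(blob)
    return k.name + k.hmac_key + k.aes_key


def ticket_mac(key: TicketKey, ticket_body: bytes) -> bytes:
    # Simplified: MAC over key name || (iv || ciphertext). SHA-256 is an assumption here.
    return hmac.new(key.hmac_key, key.name + ticket_body, hashlib.sha256).digest()


def demo(blob: Optional[bytes] = None) -> dict:
    """Issue a MAC with the nginx layout and verify it under both layouts."""
    blob = blob if blob is not None else os.urandom(48)  # what `openssl rand 48` would give
    issuer = parse_nginx_layout(blob)
    foreign = parse_openssl_layout(blob)        # same file, read by OpenSSL's default layout
    body = b"constructed-iv-and-ciphertext"     # constructed stand-in for iv || ciphertext
    tag = ticket_mac(issuer, body)
    return {
        "same_key_name": issuer.name == foreign.name,
        "verifies_same_layout": hmac.compare_digest(tag, ticket_mac(issuer, body)),
        "verifies_other_layout": hmac.compare_digest(tag, ticket_mac(foreign, body)),
        "converted_matches": parse_openssl_layout(nginx_to_openssl(blob)) == issuer,
    }
```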

Hello!

On Tue, Feb 25, 2014 at 08:23:55PM +0400, ZNV wrote:

> This creates a certain compatibility issue. Though I didn't verify it
> presumably Apache's mod_ssl isn't going to understand nginx
> SSL session tickets even though both servers are using OpenSSL.
>
> I think it would be better if nginx didn't invent its own ticket key
> format but use the format defined by OpenSSL instead.

The format is “48 bytes of random data”, and I don’t think that
compatibility with other software is something to be considered
here. Ticket keys are to be used between multiple nginx
instances, nothing more.
Maxim D.
http://nginx.org/

Hello, Maxim!

> The format is "48 bytes of random data", and I don't think that
> compatibility with other software is something to be considered
> here. Ticket keys are to be used between multiple nginx
> instances, nothing more.

You are certainly right; however, this looks like an accidental incompatibility rather than an intentional one. Other cryptographic parameters like encryption and message authentication algorithms are the same as used by OpenSSL.

I must admit that personally I don't consider this an issue either, just sharing my findings.

Have a nice day :)