bind9

mirror of https://github.com/isc-projects/bind9.git synced 2026-02-24 10:21:10 -05:00

History

Artem Boldariev c759f25c7b Add "session-tickets" options to the "tls" clause This commit adds the ability to enable or disable stateless TLS session resumption tickets (see RFC5077). Having this ability is twofold. Firstly, these tickets are encrypted by the server, and the algorithm might be weaker than the algorithm negotiated during the TLS session establishment (it is in general the case for TLSv1.2, but the generic principle applies to TLSv1.3 as well, despite it having better ciphers for session tickets). Thus, they might compromise Perfect Forward Secrecy. Secondly, disabling it might be necessary if the same TLS key/cert pair is supposed to be used by multiple servers to achieve, e.g., load balancing because the session ticket by default gets generated in runtime, while to achieve successful session resumption ability, in this case, would have required using a shared key. The proper alternative to having the ability to disable stateless TLS session resumption tickets is to implement a proper session tickets key rollover mechanism so that key rotation might be performed often (e.g. once an hour) to not compromise forward secrecy while retaining the associated performance benefits. That is much more work, though. On the other hand, having the ability to disable session tickets allows having a deployable configuration right now in the cases when either forward secrecy is wanted or sharing the TLS key/cert pair between multiple servers is needed (or both).	2021-10-01 15:50:43 +03:00
..
isc	Add "session-tickets" options to the "tls" clause	2021-10-01 15:50:43 +03:00
.clang-format	Add separate .clang-format files for headers	2020-02-14 09:31:05 +01:00

Artem Boldariev c759f25c7b Add "session-tickets" options to the "tls" clause

This commit adds the ability to enable or disable stateless TLS
session resumption tickets (see RFC5077). Having this ability is
twofold.

Firstly, these tickets are encrypted by the server, and the algorithm
might be weaker than the algorithm negotiated during the TLS session
establishment (it is in general the case for TLSv1.2, but the generic
principle applies to TLSv1.3 as well, despite it having better ciphers
for session tickets). Thus, they might compromise Perfect Forward
Secrecy.

Secondly, disabling it might be necessary if the same TLS key/cert
pair is supposed to be used by multiple servers to achieve, e.g., load
balancing because the session ticket by default gets generated in
runtime, while to achieve successful session resumption ability, in
this case, would have required using a shared key.

The proper alternative to having the ability to disable stateless TLS
session resumption tickets is to implement a proper session tickets
key rollover mechanism so that key rotation might be performed
often (e.g. once an hour) to not compromise forward secrecy while
retaining the associated performance benefits. That is much more work,
though. On the other hand, having the ability to disable session
tickets allows having a deployable configuration right now in the
cases when either forward secrecy is wanted or sharing the TLS
key/cert pair between multiple servers is needed (or both).

2021-10-01 15:50:43 +03:00

isc

Add "session-tickets" options to the "tls" clause

2021-10-01 15:50:43 +03:00

.clang-format

Add separate .clang-format files for headers

2020-02-14 09:31:05 +01:00