Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow TLS sessionTicketKeys config #10284

Open
wants to merge 1 commit into
base: v2.10
Choose a base branch
from
Open

Allow TLS sessionTicketKeys config #10284

wants to merge 1 commit into from

Conversation

mzealey
Copy link

@mzealey mzealey commented Dec 6, 2023

What does this PR do?

Allow specification of custom TLS session ticket keys.

Fixes #4550

Motivation

From the added docs:

This option allows you to specify a list of TLS Session Ticket Keys which store
the TLS connection state on the client and allow the TLS session resumption
with less overhead than re-establishing it from scratch. This is used in both
TLSv1.2 Session Tickets and TLSv1.3 PSK algorithms.

The use-case for this is 3-fold:

  1. If you run a cluster of Traefik servers you can put the same Session Ticket
    Keys on all servers and then a client can use it for lightweight session
    re-establishment to any of the servers in the cluster. By default each
    server will have its own random keys so a ticket valid for one server would
    not be valid for the others.
  2. Restart traefik without loosing TLS ticket validity. As the default ticket
    keys are stored in memory, when Traefik restarts they will be lost. By
    writing them to the config file they are persisted across restarts
  3. Custom cycling and retention periods: The default daily rotation and 7-day
    retention periods are not customizable. You may wish to write a cronjob to
    update the Traefik config file more or less frequently, with longer or
    shorter retention periods.

If you use this option you are responsible for key rotation, which should occur
at least on a daily basis or Perfect Forward Secrecy is compromised. These keys
should be stored securely or your TLS sessions may be intercepted and
decrypted.

If not specified, the default golang crypto/tls algorithm is used which is to
keep 7 days of keys and rotate on a daily basis.

More

  • Added/updated tests - Unsure how to write automated tests for this so basic procedure documented below
  • Added/updated documentation

Additional Notes

Test like:

$ openssl s_client -no_tls1_3 -connect server:443 -sess_out sess < /dev/null 2>&1 |egrep 'SSL handsh|Reused|subject='
subject=CN = ssl-test4.systest.moya.app
SSL handshake has read 4171 bytes and written 316 bytes
$ openssl s_client -no_tls1_3 -connect server:443 -sess_in sess < /dev/null 2>&1 |egrep 'SSL handsh|Reused|subject='
subject=CN = ssl-test4.systest.moya.app
SSL handshake has read 287 bytes and written 427 bytes
Reused, TLSv1.3, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256

Restarting the server and running the second command again will currently show the first output (ie no Reused entry), but with the patch will show a Reused line.

Tested with and without -no_tls1_3 to test 1.2 and 1.3 as they use different methods.

@traefiker traefiker added this to the 2.10 milestone Dec 6, 2023
@nmengin nmengin removed this from the 2.10 milestone Dec 20, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@kevinpollet kevinpollet

@lbenguigui lbenguigui

Labels
size/M status/0-needs-triage
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@mzealey @kevinpollet @nmengin @lbenguigui @traefiker