AnsweredAssumed Answered

How Session Tickets will compromise PFS

Question asked by João Ferreira on Dec 3, 2013
Latest reply on Dec 10, 2013 by Ivan Ristić

After some reads about PFS and one Black Hat 2013 session, for what i understand:


Session Tickets can compromise the Forward Secrecy. Why ?


Use of session tickets (enabled by default in OpenSSL) reduces effectiveness of TLS forward secrecy, because the keys used to

generate tickets survive for the lifetime of the httpd process. So if you have access to the httpd process you can retrieve the keys used to generate session tickets.


The demo was done by Florent Daigniére this year in the Black Hat conference and it was pretty easy to understand.


So in my case, i have Apache 2.2 and OpenSSL 1.0.1 and Ubuntu 12.04.3 LTS


That's already possible with SSLOpenSSLConfCmd using something like:


SSLOpenSSLConfCmd Options -SessionTicket


Unfortunately that's only supported in trunk and the unreleased OpenSSL 1.0.2 and later.


I read in some blogs that is possible to disable it in SSL_CTX, but i can't find where.


Anyone can help ?


Thanks in advance