From bdb386d3d9d81b863470086ece1b0709d3cd8ec8 Mon Sep 17 00:00:00 2001 From: Lukas Tribus Date: Tue, 10 Mar 2020 00:56:09 +0100 Subject: [PATCH] DOC: ssl: clarify security implications of TLS tickets Clarifies security implications of TLS ticket usage when not rotating TLS ticket keys, after commit 7b5e136458 ("DOC: improve description of no-tls-tickets"). --- doc/configuration.txt | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/doc/configuration.txt b/doc/configuration.txt index 0083549b5..33425a6c6 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -11677,10 +11677,9 @@ no-tls-tickets extension) and force to use stateful session resumption. Stateless session resumption is more expensive in CPU usage. This option is also available on global statement "ssl-default-bind-options". - The TLS ticket mechanism is only used up to TLS 1.2 and it is prone to - man-in-the-middle attacks. You should consider to disable them for - security reasons. TLS 1.3 implements more secure methods for session - resumption. + The TLS ticket mechanism is only used up to TLS 1.2. + Forward Secrecy is compromised with TLS tickets, unless ticket keys + are periodically rotated (via reload or by using "tls-ticket-keys"). no-tlsv10 This setting is only available when support for OpenSSL was built in. It @@ -12380,10 +12379,9 @@ no-tls-tickets extension) and force to use stateful session resumption. Stateless session resumption is more expensive in CPU usage for servers. This option is also available on global statement "ssl-default-server-options". - The TLS ticket mechanism is only used up to TLS 1.2 and it is prone to - man-in-the-middle attacks. You should consider to disable them for - security reasons. TLS 1.3 implements more secure methods for session - resumption. + The TLS ticket mechanism is only used up to TLS 1.2. + Forward Secrecy is compromised with TLS tickets, unless ticket keys + are periodically rotated (via reload or by using "tls-ticket-keys"). See also "tls-tickets". no-tlsv10 @@ -12813,6 +12811,9 @@ tls-tickets This option may be used as "server" setting to reset any "no-tls-tickets" setting which would have been inherited from "default-server" directive as default value. + The TLS ticket mechanism is only used up to TLS 1.2. + Forward Secrecy is compromised with TLS tickets, unless ticket keys + are periodically rotated (via reload or by using "tls-ticket-keys"). It may also be used as "default-server" setting to reset any previous "default-server" "no-tls-tickets" setting.