[PATCH] SSL: always renewing tickets with TLSv1.3 (ticket #1892)

Maxim Dounin mdounin at mdounin.ru
Fri Jan 21 03:57:42 UTC 2022


# HG changeset patch
# User Maxim Dounin <mdounin at mdounin.ru>
# Date 1642737110 -10800
#      Fri Jan 21 06:51:50 2022 +0300
# Node ID cff51689a4a182cb11cba2eb9303e2bc21815432
# Parent  96ae8e57b3dd1b10f29d3060bbad93b7f9357b92
SSL: always renewing tickets with TLSv1.3 (ticket #1892).

Chrome only uses TLS session tickets once with TLS 1.3, likely following
the RFC 8446 Appendix C.4 recommendation.  With OpenSSL, this works fine with
built-in session tickets, since these are explicitly renewed in case of
TLS 1.3 on each session reuse, but results in only two connections being
reused after an initial handshake when using ssl_session_ticket_key.

Fix is to always renew TLS session tickets in case of TLS 1.3 when using
ssl_session_ticket_key, similarly to how it is done by OpenSSL internally.

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -4448,7 +4448,21 @@ ngx_ssl_session_ticket_key_callback(ngx_
             return -1;
         }
 
-        return (i == 0) ? 1 : 2 /* renew */;
+        /* renew if TLSv1.3 */
+
+#ifdef TLS1_3_VERSION
+        if (SSL_version(ssl_conn) == TLS1_3_VERSION) {
+            return 2;
+        }
+#endif
+
+        /* renew if non-default key */
+
+        if (i != 0) {
+            return 2;
+        }
+
+        return 1;
     }
 }
 
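Review bot: the new "/* renew if TLSv1.3 */" comment records what the branch does but not why, so the rationale from the commit message is lost at the point where a future reader will look for it. Consider extending it, e.g. "/* renew if TLSv1.3: clients may use a ticket only once (RFC 8446, C.4) */", so that the unconditional `return 2` is not later mistaken for redundant with the `i != 0` check below it. The `#ifdef TLS1_3_VERSION` guard correctly keeps the change a no-op on OpenSSL builds without TLS 1.3, and the remaining `if (i != 0) { return 2; } return 1;` preserves the old `(i == 0) ? 1 : 2` behaviour for earlier protocol versions.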