SSL_SESSION_set1_ticket ?

Viktor Dukhovni openssl-users at dukhovni.org
Thu Apr 4 15:16:23 UTC 2019


On Wed, Apr 03, 2019 at 06:09:59PM -0400, Viktor Dukhovni wrote:

> > Ah, right.  Unlike GnuTLS, the STEK is tied to the SSL_CTX and,
> > as you say, Exim initialises that fresh per connection.
> > Rearchitecting that is more effort than it's worth spending
> > on TLS 1.2, I think.
> 
> Well, the *default* STEK is in the SSL_CTX, but that is not a
> requirement, and you should use the default STEK, since it is
> not automatically rolled over.

[ Correction: ... should *not* use the default STEK, ... ]

For an example ticket callback implementation, see:

    https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_server.c#L294-L337

On line 315:

    https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_server.c#L315

either the matching keyset (current active for creating a new ticket,
either active or previous when decrypting an existing ticket) is
selected, and the requested HMAC_CTX and EVP_CIPHER_CTX structures
are initialized appropriately.  Keyset, because the HMAC and AES
keys are separate.  The ticket encryption algorithm chosen by Postfix
defaults to aes-256-cbc.  OpenSSL does not support AEAD for ticket
encryption.

-- 
	Viktor.


More information about the openssl-users mailing list