You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In case of TLS, keys used to encrypt session tickets is also a long-term secret that needs to be taken care in addition to RSA private keys (note :in H2O we rotate the session ticket keys periodically, but not all web servers do it; see http://blog.kazuhooku.com/2015/07/h2o-version-140-released-with.html).
With OpenSSL it is possible add user-defined symmetric ciphers / HMACs at run-time, so it is theoretically possible to create them that uses IPC so that their secrets will be protected in conjunction with the RSA private keys.
The downside is that due to how OpenSSL is designed, it would cause two IPC calls for every ticket-based session resumption.
The text was updated successfully, but these errors were encountered:
In case of TLS, keys used to encrypt session tickets is also a long-term secret that needs to be taken care in addition to RSA private keys (note :in H2O we rotate the session ticket keys periodically, but not all web servers do it; see http://blog.kazuhooku.com/2015/07/h2o-version-140-released-with.html).
With OpenSSL it is possible add user-defined symmetric ciphers / HMACs at run-time, so it is theoretically possible to create them that uses IPC so that their secrets will be protected in conjunction with the RSA private keys.
The downside is that due to how OpenSSL is designed, it would cause two IPC calls for every ticket-based session resumption.
The text was updated successfully, but these errors were encountered: