BUG/MINOR: ssl: Fix 48 byte TLS ticket key rotation Whenever HAProxy was reloaded with rotated keys, the resumption would be broken for previous encryption key. The bug was introduced with the addition of 80 byte keys in 9e7547 (MINOR: ssl: add support of aes256 bits ticket keys on file and cli.). This fix needs to be backported to 1.9.

commit: 8ef706502aa2000531d36e4ac56dbdc7c30f718d [log] [tgz]
author: Nenad Merdanovic <nmerdan@haproxy.com> Sun Apr 14 16:06:46 2019 +0200
committer: Willy Tarreau <w@1wt.eu> Mon Apr 15 10:09:54 2019 +0200
tree: a644aa052c495d7fb2aac9eb235599038d20fe21
parent: 646b7741bc683d6c6b43342369afcbba33d7b6ec [diff]
diff --git a/include/types/ssl_sock.h b/include/types/ssl_sock.h
index a2fff77..20b08a5 100644
--- a/include/types/ssl_sock.h
+++ b/include/types/ssl_sock.h

@@ -63,7 +63,7 @@
 
 union tls_sess_key{
 	unsigned char name[16];
-	struct tls_sess_key_256 key_128;
+	struct tls_sess_key_128 key_128;
 	struct tls_sess_key_256 key_256;
 } __attribute__((packed));
commit	8ef706502aa2000531d36e4ac56dbdc7c30f718d	[log] [tgz]
author	Nenad Merdanovic <nmerdan@haproxy.com>	Sun Apr 14 16:06:46 2019 +0200
committer	Willy Tarreau <w@1wt.eu>	Mon Apr 15 10:09:54 2019 +0200
tree	a644aa052c495d7fb2aac9eb235599038d20fe21
parent	646b7741bc683d6c6b43342369afcbba33d7b6ec [diff]