Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / bdb386d3d9d81b863470086ece1b0709d3cd8ec8^! / .
commitbdb386d3d9d81b863470086ece1b0709d3cd8ec8[log] [tgz]
authorLukas Tribus <lukas@ltri.eu>Tue Mar 10 00:56:09 2020 +0100
committerWilly Tarreau <w@1wt.eu>Tue Mar 10 03:52:22 2020 +0100
tree2338974b0e46ae968e612c4fb173ba9074b227fb
parent6763016866721a5c27b6a481783490e3c1692f8b [diff]
DOC: ssl: clarify security implications of TLS tickets

Clarifies security implications of TLS ticket usage when not
rotating TLS ticket keys, after commit 7b5e136458 ("DOC:
improve description of no-tls-tickets").

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 0083549..33425a6 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt

@@ -11677,10 +11677,9 @@
   extension) and force to use stateful session resumption. Stateless
   session resumption is more expensive in CPU usage. This option is also
   available on global statement "ssl-default-bind-options".
-  The TLS ticket mechanism is only used up to TLS 1.2 and it is prone to
-  man-in-the-middle attacks. You should consider to disable them for
-  security reasons. TLS 1.3 implements more secure methods for session
-  resumption.
+  The TLS ticket mechanism is only used up to TLS 1.2.
+  Forward Secrecy is compromised with TLS tickets, unless ticket keys
+  are periodically rotated (via reload or by using "tls-ticket-keys").
 
 no-tlsv10
   This setting is only available when support for OpenSSL was built in. It
@@ -12380,10 +12379,9 @@
   extension) and force to use stateful session resumption. Stateless
   session resumption is more expensive in CPU usage for servers. This option
   is also available on global statement "ssl-default-server-options".
-  The TLS ticket mechanism is only used up to TLS 1.2 and it is prone to
-  man-in-the-middle attacks. You should consider to disable them for
-  security reasons. TLS 1.3 implements more secure methods for session
-  resumption.
+  The TLS ticket mechanism is only used up to TLS 1.2.
+  Forward Secrecy is compromised with TLS tickets, unless ticket keys
+  are periodically rotated (via reload or by using "tls-ticket-keys").
   See also "tls-tickets".
 
 no-tlsv10
@@ -12813,6 +12811,9 @@
   This option may be used as "server" setting to reset any "no-tls-tickets"
   setting which would have been inherited from "default-server" directive as
   default value.
+  The TLS ticket mechanism is only used up to TLS 1.2.
+  Forward Secrecy is compromised with TLS tickets, unless ticket keys
+  are periodically rotated (via reload or by using "tls-ticket-keys").
   It may also be used as "default-server" setting to reset any previous
   "default-server" "no-tls-tickets" setting.