Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / d8fd63691deab9fe316656c2070eb94e4f0febee^! / .
commitd8fd63691deab9fe316656c2070eb94e4f0febee[log] [tgz]
authorLukas Tribus <lukas@ltri.eu>Tue Mar 10 00:56:09 2020 +0100
committerWilly Tarreau <w@1wt.eu>Tue Mar 31 18:54:55 2020 +0200
tree201a6685f5a171444bd7ec4a7613579e792de4d3
parent8e2c1d238509ea5e9039bac241a4e8c1c3c1200d [diff]
DOC: ssl: clarify security implications of TLS tickets

Clarifies security implications of TLS ticket usage when not
rotating TLS ticket keys, after commit 7b5e136458 ("DOC:
improve description of no-tls-tickets").

(cherry picked from commit bdb386d3d9d81b863470086ece1b0709d3cd8ec8)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit 41cca45e35ae541d4dfa3aba38ee30b784001d13)
Signed-off-by: Willy Tarreau <w@1wt.eu>

diff --git a/doc/configuration.txt b/doc/configuration.txt
index a9fb1f0..6b0bad1 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt

@@ -11779,10 +11779,9 @@
   extension) and force to use stateful session resumption. Stateless
   session resumption is more expensive in CPU usage. This option is also
   available on global statement "ssl-default-bind-options".
-  The TLS ticket mechanism is only used up to TLS 1.2 and it is prone to
-  man-in-the-middle attacks. You should consider to disable them for
-  security reasons. TLS 1.3 implements more secure methods for session
-  resumption.
+  The TLS ticket mechanism is only used up to TLS 1.2.
+  Forward Secrecy is compromised with TLS tickets, unless ticket keys
+  are periodically rotated (via reload or by using "tls-ticket-keys").
 
 no-tlsv10
   This setting is only available when support for OpenSSL was built in. It
@@ -12482,10 +12481,9 @@
   extension) and force to use stateful session resumption. Stateless
   session resumption is more expensive in CPU usage for servers. This option
   is also available on global statement "ssl-default-server-options".
-  The TLS ticket mechanism is only used up to TLS 1.2 and it is prone to
-  man-in-the-middle attacks. You should consider to disable them for
-  security reasons. TLS 1.3 implements more secure methods for session
-  resumption.
+  The TLS ticket mechanism is only used up to TLS 1.2.
+  Forward Secrecy is compromised with TLS tickets, unless ticket keys
+  are periodically rotated (via reload or by using "tls-ticket-keys").
   See also "tls-tickets".
 
 no-tlsv10
@@ -12910,6 +12908,9 @@
   This option may be used as "server" setting to reset any "no-tls-tickets"
   setting which would have been inherited from "default-server" directive as
   default value.
+  The TLS ticket mechanism is only used up to TLS 1.2.
+  Forward Secrecy is compromised with TLS tickets, unless ticket keys
+  are periodically rotated (via reload or by using "tls-ticket-keys").
   It may also be used as "default-server" setting to reset any previous
   "default-server" "no-tls-tickets" setting.