author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-11-08 08:35:01 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-11-08 08:37:35 +0100 |
commit | 06505d37cb9671b20e2d80278d3517716fb59ece (patch) | |
tree | 12a19fee22e215ce6346d0d783b54e080f94b29c | |
parent | 20db59c0db3a29e834bd4b82b99e46b6ae891777 (diff) | |
download | gnutls-06505d37cb9671b20e2d80278d3517716fb59ece.tar.gz |
doc: updated text on session tickets
-rw-r--r-- | doc/cha-gtls-app.texi | 4 |
-rw-r--r-- | doc/cha-intro-tls.texi | 9 |
2 files changed, 11 insertions, 2 deletions
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi index 5098b99407..a2e0e08f2c 100644 --- a/doc/cha-gtls-app.texi +++ b/doc/cha-gtls-app.texi @@ -1372,7 +1372,9 @@ for expiration. A server utilizing tickets should generate ticket encryption and authentication keys using @funcref{gnutls_session_ticket_key_generate}. Those keys should be associated with the GnuTLS session using -@funcref{gnutls_session_ticket_enable_server}. +@funcref{gnutls_session_ticket_enable_server}, and should be rotated regularly +(e.g., every few hours), to prevent them from becoming long-term keys which +if revealed could be used to decrypt all previous sessions. @showfuncdesc{gnutls_session_ticket_enable_server} @showfuncdesc{gnutls_session_ticket_key_generate} diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi index ba4af097ba..f45b49fcfa 100644 --- a/doc/cha-intro-tls.texi +++ b/doc/cha-intro-tls.texi @@ -437,7 +437,14 @@ to the client. Because session parameters are sensitive they are encrypted and authenticated with a key only known to the server and then sent to the client. The Session Tickets extension is described in RFC 5077 @xcite{TLSTKT}. -Since version 3.1.3 GnuTLS clients transparently support session tickets. +A disadvantage of session tickets is that they eliminate the effects of +forward secrecy when a server uses the same key for long time. That is, +the secrecy of all sessions on a server using tickets depends on the ticket +key being kept secret. For that reason server keys should be rotated and discarded +regularly. + +Since version 3.1.3 GnuTLS clients transparently support session tickets, +unless the PFS session string is specified. @node HeartBeat @subsection HeartBeat |
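Review bot: in the doc/cha-gtls-app.texi hunk, the added sentence tells servers to rotate ticket keys "regularly (e.g., every few hours)" but does not say how to do that with the two functions named in this paragraph, nor that the previous key has to be discarded, which the cha-intro-tls.texi text in this same commit does say ("rotated and discarded"). Suggest adding a sentence that describes the rotation step and the disposal of the old key, and narrowing "all previous sessions" to the sessions whose tickets were protected by that key. A comma after "long-term keys" would also make the relative clause easier to read.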
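Review bot: in the doc/cha-intro-tls.texi hunk, the last added sentence refers to "the PFS session string" without defining it or pointing to where it is documented, so a reader of this section cannot tell what to set or where. Suggest adding an @ref to the section that describes it and stating explicitly that the client does not use tickets in that case. In the new paragraph, "for long time" should read "for a long time", and "server keys should be rotated" would be clearer as "ticket keys should be rotated", since the preceding sentence is about the ticket key.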