nginx session ticket key rotation

nginx session ticket key rotation program for secure rotation of TLS session ticket keys and sharing in server clusters.

This program was developed as part of my Master's thesis at the Fachhochschule Salzburg. I hope to release my thesis under an open license as soon as possible. You'll find many more details on TLS, its performance, and this program in there. Although I aim to provide complete documentation for it here, I currently don't have the time to write it up because (you guessed it) I'm working on the thesis. Feel free to open an issue if you have questions or found a bug.

Usage

You should clone the repository to a place where it can stay: the files are needed at runtime and shouldn't be deleted. The best place is /etc, as illustrated in the following example.

cd /etc
git clone https://github.com/Fleshgrinder/nginx-session-ticket-key-rotation.git
sh nginx-session-ticket-key-rotation/install.sh example.com localhost

This would install TLS session ticket rotation for example.com and localhost. You have to edit your nginx configuration yourself afterwards; a minimal configuration for localhost, with the default ticket lifetime of my installation, would look like the following example.

http {
  server {
    listen                     443 ssl;
    server_name                localhost;
    ssl_certificate            cert.pem;
    ssl_certificate_key        cert.key;
    ssl_ciphers                HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;
    ssl_session_timeout        24h;
    ssl_session_ticket_key     /mnt/session_ticket_keys/localhost.1.key;
    ssl_session_ticket_key     /mnt/session_ticket_keys/localhost.2.key;
    ssl_session_ticket_key     /mnt/session_ticket_keys/localhost.3.key;
  }
}
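
The three key files in the configuration above are one rotation window: nginx encrypts new tickets with the first key and can still decrypt tickets issued under the second and third. The following script is an added example of such a rotation, written for this page and not the project's own install.sh; it assumes the keys live in /mnt/session_ticket_keys (overridable via KEY_DIR) and that reloading nginx is done separately.

```shell
#!/bin/sh
# Added example (not the project's install.sh): rotate the session ticket keys
# for one server name, keeping three generations like the nginx config above.
# Assumptions: keys live in /mnt/session_ticket_keys unless KEY_DIR overrides
# it; reloading nginx afterwards (e.g. "nginx -s reload") is a separate step.
set -eu

KEY_DIR=${KEY_DIR:-/mnt/session_ticket_keys}
# nginx accepts 48-byte (AES-128) or 80-byte (AES-256) ticket key files:
# a 16-byte key name, then the cipher key, then the HMAC key.
KEY_BYTES=80

# Write KEY_BYTES of random data to $1 with mode 0600, replacing it atomically.
generate_key() {
  ( umask 077; dd if=/dev/urandom of="$1.tmp" bs=1 count="$KEY_BYTES" 2>/dev/null )
  mv "$1.tmp" "$1"
}

# Return 0 if $1 is a regular file of exactly KEY_BYTES bytes.
key_ok() {
  [ -f "$1" ] && [ $(wc -c < "$1") -eq "$KEY_BYTES" ]
}

# Rotate the keys for server name $1 in directory ${2:-$KEY_DIR}:
# .3 is discarded, .2 becomes .3, .1 becomes .2, and a fresh .1 is the key
# nginx will encrypt new tickets with; .2 and .3 keep decrypting older tickets.
rotate_keys() {
  name=$1
  dir=${2:-$KEY_DIR}
  rm -f "$dir/$name.3.key"
  if [ -f "$dir/$name.2.key" ]; then mv "$dir/$name.2.key" "$dir/$name.3.key"; fi
  if [ -f "$dir/$name.1.key" ]; then mv "$dir/$name.1.key" "$dir/$name.2.key"; fi
  generate_key "$dir/$name.1.key"
  key_ok "$dir/$name.1.key"
}

# Usage: rotate-ticket-keys.sh <server-name> [key-dir]
if [ $# -ge 1 ]; then
  rotate_keys "$1" "${2:-}"
fi
```

Run it from cron at the ticket lifetime you chose (24h in the configuration above) and reload nginx afterwards, since nginx reads the key files only at start or reload.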

To uninstall the rotation mechanism simply execute the uninstall.sh script.

sh nginx-session-ticket-key-rotation/uninstall.sh

Server Names

You have to supply the server names (domains) to the installation script. This is important because you should only use a ticket key on a per-host basis: you open your servers to various attacks (e.g. reference 5) if you share a key among several hosts. The server names are also used to generate the key file names, which makes it easier to know which ticket key belongs to which server.

Note that there are situations where you want to share keys among several hosts. But be warned: this is something you should only attempt if you fully understand the potential risks and what it can be good for!

Tests

The repository includes unit tests for most functions and an integration test. To run the tests, either execute them separately (have a look at the test directory) or issue make test.

You can safely delete the test directory if you don't want to waste disk space.

Coding Standard

The program should be as POSIX compliant as possible, and everything was tested with the dash interpreter. Note that I prefer to use quotes around most strings because developers are used to doing so in almost all other languages. Also note that there is a dash bug related to closing stdout, which is why I had to redirect stdout to /dev/null instead of closing it directly. The return value is always documented for each function; often that return value is implicitly the one returned by another called function, so you won't find a return statement in every function.

The best place for information on POSIX is The Open Group Base Specifications (http://pubs.opengroup.org/onlinepubs/9699919799/nframe.html).

TODO

  • Better error handling with a proper exit handler instead of set -e, giving a hint what actually went wrong.
  • Unit tests with shUnit2.
  • Tell users to install something for better random numbers (esp. VPS), see Havege (haveged).
  • Tell users to test their random numbers (rngtest)?
  • Create slave program for clusters.
  • Install ntp daemon right away if none was found?
  • Test with other operating systems (currently only Debian tested).

License

This is free and unencumbered software released into the public domain.

For more information, please refer to http://unlicense.org

References

  1. Joseph Salowey, Harry Zhou, Pasi Eronen and Hannes Tschofenig: “RFC 5077”, January 2008.
  2. Jacob Hoffman-Andrews: “Forward Secrecy at Twitter” (https://blog.twitter.com/2013/forward-secrecy-at-twitter), November 22nd, 2013.
  3. Adam Langley: “How to botch TLS forward secrecy” (https://www.imperialviolet.org/2013/06/27/botchingpfs.html), July 27th, 2013.
  4. Jacob Hoffman-Andrews: “How to check for TLS ticket key rotation” (https://jacob.hoffman-andrews.com/README/how-to-check-for-tls-ticket-key-rotation/), December 5th, 2013.
  5. Antoine Delignat-Lavaud and Karthikeyan Bhargavan: “Virtual Host Confusion: Weaknesses and Exploits” (https://www.blackhat.com/docs/us-14/materials/us-14-Delignat-The-BEAST-Wins-Again-Why-TLS-Keeps-Failing-To-Protect-HTTP-wp.pdf), August 2014.
