mirror of
https://github.com/GrapheneOS/matrix.grapheneos.org.git
synced 2024-12-20 13:24:37 -05:00
087c1a6349
This is useless for TLSv1.3 since there's no longer any distinction in the protocol based on whether the server is using stateless or stateful session resumption. OpenSSL has a non-standard anti-replay mechanism for 0-RTT based on stateful session resumption but 0-RTT still ends up being a downgrade for the TLS security properties. nginx disables that feature since otherwise 0-RTT wouldn't work with the default stateless approach. Since this cache is only used for TLSv1.2 when stateless resumption isn't disabled and nearly all TLSv1.2 clients support tickets, it isn't getting any significant use. It provides worse forward secrecy than tickets because we implement ticket key rotation based on the expiry time and sessions aren't actively purged from the stateful cache when they expire. Cached session state varies in size and nginx ends up writing errors to the log when clearing out a session fails to make room for a new one due to it being larger. It's best to finally get rid of this flawed approach to session resumption. TLSv1.3 provides the option of forward secrecy for resumed sessions and it's the only approach that's normally enabled so we don't need to worry about this anymore once TLSv1.2 is disabled as long as we never enable 0-RTT which weakens forward secrecy and other security properties. |
||
|---|---|---|
| .. | ||
| snippets | ||
| mime.types | ||
| modules | ||
| nginx.conf | ||