Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 8086:496241338da5
SSL: workaround for session timeout handling with TLSv1.3.
OpenSSL with TLSv1.3 updates the session creation time on session
resumption and keeps the session timeout unmodified, making it possible
to maintain the session forever, bypassing client certificate expiration
and revocation. To make sure session timeouts are actually used, we
now update the session creation time and reduce the session timeout
accordingly.
BoringSSL with TLSv1.3 ignores configured session timeouts and uses a
hardcoded timeout instead, 7 days. So we update session timeout to
the configured value as soon as a session is created.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Wed, 12 Oct 2022 20:14:57 +0300 |
| parents | 043006e5a0b1 |
| children | 81b4326daac7 |
comparison
equal
deleted
inserted
replaced
| 8085:043006e5a0b1 | 8086:496241338da5 |
|---|---|
| 1079 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); | 1079 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); |
| 1080 | 1080 |
| 1081 if (c->ssl->handshaked) { | 1081 if (c->ssl->handshaked) { |
| 1082 c->ssl->renegotiation = 1; | 1082 c->ssl->renegotiation = 1; |
| 1083 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL renegotiation"); | 1083 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL renegotiation"); |
| 1084 } | |
| 1085 } | |
| 1086 | |
| 1087 #endif | |
| 1088 | |
| 1089 #ifdef TLS1_3_VERSION | |
| 1090 | |
| 1091 if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP | |
| 1092 && SSL_version(ssl_conn) == TLS1_3_VERSION) | |
| 1093 { | |
| 1094 time_t now, time, timeout, conf_timeout; | |
| 1095 SSL_SESSION *sess; | |
| 1096 | |
| 1097 /* | |
| 1098 * OpenSSL with TLSv1.3 updates the session creation time on | |
| 1099 * session resumption and keeps the session timeout unmodified, | |
| 1100 * making it possible to maintain the session forever, bypassing | |
| 1101 * client certificate expiration and revocation. To make sure | |
| 1102 * session timeouts are actually used, we now update the session | |
| 1103 * creation time and reduce the session timeout accordingly. | |
| 1104 * | |
| 1105 * BoringSSL with TLSv1.3 ignores configured session timeouts | |
| 1106 * and uses a hardcoded timeout instead, 7 days. So we update | |
| 1107 * session timeout to the configured value as soon as a session | |
| 1108 * is created. | |
| 1109 */ | |
| 1110 | |
| 1111 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn); | |
| 1112 sess = SSL_get0_session(ssl_conn); | |
| 1113 | |
| 1114 if (!c->ssl->session_timeout_set && sess) { | |
| 1115 c->ssl->session_timeout_set = 1; | |
| 1116 | |
| 1117 now = ngx_time(); | |
| 1118 time = SSL_SESSION_get_time(sess); | |
| 1119 timeout = SSL_SESSION_get_timeout(sess); | |
| 1120 conf_timeout = SSL_CTX_get_timeout(c->ssl->session_ctx); | |
| 1121 | |
| 1122 timeout = ngx_min(timeout, conf_timeout); | |
| 1123 | |
| 1124 if (now - time >= timeout) { | |
| 1125 SSL_SESSION_set1_id_context(sess, (unsigned char *) "", 0); | |
| 1126 | |
| 1127 } else { | |
| 1128 SSL_SESSION_set_time(sess, now); | |
| 1129 SSL_SESSION_set_timeout(sess, timeout - (now - time)); | |
| 1130 } | |
| 1084 } | 1131 } |
| 1085 } | 1132 } |
| 1086 | 1133 |
| 1087 #endif | 1134 #endif |
| 1088 | 1135 |