From: Petr Špaček Date: Wed, 13 Jun 2018 12:58:39 +0000 (+0200) Subject: daemon/tls: document limitations of the session key synchronization X-Git-Tag: v2.4.0~24^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2159590939c809f53e74cdbdc7bf44f73ff62355;p=thirdparty%2Fknot-resolver.git daemon/tls: document limitations of the session key synchronization --- diff --git a/daemon/README.rst b/daemon/README.rst index 32289823d..195191d23 100644 --- a/daemon/README.rst +++ b/daemon/README.rst @@ -505,13 +505,16 @@ TLS server configuration If you provide the same secret to multiple instances, they will be able to resume each other's sessions *without* any further communication between them. - For good security, the secret must have enough entropy to be hard to guess, - and it should still be occasionally rotated manually (and securely forgotten), + This synchronization works only among instances having the same endianess + and time_t structure and size (`sizeof(time_t)`). + + **For good security** the secret must have enough entropy to be hard to guess, + and it should still be occasionally rotated manually and securely forgotten, to reduce the scope of privacy leak in case the `secret leaks eventually `_. - .. warning:: setting the secret is probably too risky with TLS <= 1.2. - At this moment no gnutls stable release even supports TLS 1.3. + .. warning:: **Setting the secret is probably too risky with TLS <= 1.2**. + At this moment no GnuTLS stable release even supports TLS 1.3. Therefore setting the secrets should be considered experimental for now. .. function:: net.tls_sticket_secret_file([string with path to a file containing pre-shared secret]) diff --git a/daemon/tls_session_ticket-srv.c b/daemon/tls_session_ticket-srv.c index 9456f0c68..f2e02881a 100644 --- a/daemon/tls_session_ticket-srv.c +++ b/daemon/tls_session_ticket-srv.c @@ -143,9 +143,10 @@ static int tst_key_update(tst_ctx_t *ctx, time_t epoch, bool force_update) assert(!EINVAL); return kr_error(EINVAL); } + /* documented limitation: time_t and endianess must match + * on instances sharing a secret */ if (!force_update && memcmp(ctx->hash_data, &epoch, sizeof(epoch)) == 0) { return kr_ok(); /* we are up to date */ - /* TODO: support mixing endians? */ } memcpy(ctx->hash_data, &epoch, sizeof(epoch));