[mod_gnutls-devel] RFC: mod_gnutls 0.8 beta and session tickets

[Thomas Klute]

Hi everyone,

I have just pushed the mod_gnutls/0.8.0-beta tag to the public git
repositories. Significant changes since the alpha in June are rate
limiting for failed OCSP requests, configurable nonce checking, and
configurable socket timeout a for connections to OCSP responders.

There are two things I would particularly appreciate feedback on:

* The OCSP stapling implementation

* The default setting for Session Tickets has changed from previous
releases and is now OFF (see below).

The session ticket change matches what the documentation has been saying
anyway. The main reason to change the code and not the documentation is
that there is currently no mechanism to automatically rotate the master
key, which may compromise client's forward secrecy if an attacker gains
access to server memory. The down side is reduced performance for
configurations that do not explicitly enable session tickets or the
session cache. The mod_ssl developers apparently chose the other way
around and leave tickets on by default, likewise without rotation and
just a warning in the documentation to regularly restart the server to
change the key.

In practice most people will probably rotate their keys by restarting
Apache for log rotation, but to me it seems questionable to rely on
that in the default configuration. However, I would like to hear your
opinion on this whether you are in agreement or not (and why).

Regards,
Thomas