  1. Traffic Server
  2. TS-3301

TLS ticket rotation

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 5.3.0
    • Component/s: Core, SSL
    • Labels:
      None

      Description

      We all know that it is bad security practice to use the same password/key all the time. This project tries to rotate TLS session ticket keys periodically. When an admin runs "traffic_line -x" after a new ticket key is put in the key file ssl_ticket.key, an event will be generated and ATS will reconfigure SSL. The keys are all read in at the same time, and the first entry is the most recent key. A new key is assumed to be put at the beginning of the ssl_ticket.key file, and an old key is chopped off the end of the file.

      Author: Bin Zeng <bzeng@linkedin.com>
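
The rotation procedure described above, as an added example (not code from the ticket, the attached patch, or Traffic Server itself): a shell function that puts a fresh key at the beginning of the key file and drops the oldest from the end. The 48-byte record size, the `rotate_ticket_keys` name and the `MAX_KEYS` limit are assumptions.

```sh
#!/bin/sh
# Added example; not from the ticket or the Traffic Server source.
# Assumption: ssl_ticket.key is a plain concatenation of 48-byte key records.
KEY_LEN=48

# rotate_ticket_keys FILE MAX_KEYS  (hypothetical helper)
# Puts a new random key at the beginning of FILE and chops old keys off the
# end so that at most MAX_KEYS remain.
rotate_ticket_keys() {
    file=$1
    max_keys=$2
    [ "$max_keys" -ge 1 ] || { echo "MAX_KEYS must be >= 1" >&2; return 2; }

    # Build the new file next to the old one (mktemp creates it mode 0600) so
    # the final rename is atomic and ATS never reads a half-written file.
    tmp=$(mktemp "$(dirname -- "$file")/.ssl_ticket.key.XXXXXX") || return 1

    # Newest key goes first.
    head -c "$KEY_LEN" /dev/urandom > "$tmp" || { rm -f "$tmp"; return 1; }

    if [ -f "$file" ]; then
        size=$(wc -c < "$file")
        # A truncated or padded file would shift every key after the damage.
        if [ $((size % KEY_LEN)) -ne 0 ]; then
            echo "refusing to rotate: $file is not a multiple of $KEY_LEN bytes" >&2
            rm -f "$tmp"
            return 1
        fi
        # Keep only the newest MAX_KEYS-1 old keys; the rest fall off the end.
        head -c $(( (max_keys - 1) * KEY_LEN )) "$file" >> "$tmp"
    fi

    mv -f "$tmp" "$file"
    # Afterwards run "traffic_line -x" so ATS reconfigures SSL with the new keys.
}

# Stand-alone use: sh rotate.sh /path/to/ssl_ticket.key 4
if [ "$#" -eq 2 ]; then
    rotate_ticket_keys "$1" "$2"
fi
```

The replaced file takes the temporary file's owner and 0600 mode, so run the rotation as the user Traffic Server reads the key file as.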

        Attachments

        1. traffic_line_rotation_6.diff
          12 kB
          Brian Geffon

            People

            • Assignee:
              jamespeach James Peach
              Reporter:
              briang Brian Geffon