cpu
commented
3 weeks ago I was looking at adding Ubuntu 24.04 to the CI matrix now that runner images are available (see https://github.com/rustls/rustls-openssl-compat/pull/20 for some discussion) and noticed the runner.rs nginx test fails on 24.40 with Nginx 1.24.0 because the /ssl-was-reused endpoint always returns ..
Here are some notes on the root cause - the TL;DR (and why I'm commenting here) is that I believe we need to implement the session ticket callback functionality to make 1.24.0 have working session resumption.
Reproducing locally it's pretty obvious why the resumption test is failing as nginx 1.24.0 logs this at startup:
2024/06/11 14:24:46 [warn] 2922744#2922744: nginx was built with Session Tickets support, however, now it is linked dynamically to an OpenSSL library which has no tlsext support, therefore Session Tickets are not available
That in turn seems to be emitted in ngx_event_openssl.c when SSL_CTX_set_tlsext_ticket_key_cb fails. Both that function (deprecated) and the replacement SSL_CTX_set_tlsext_ticket_key_evp_cb are #define's that expand to calls to SSL_CTX_callback_ctrl with cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB.
In both cases the callback has the signature:
int (*cb)(SSL *s, unsigned char key_name[16],
unsigned char iv[EVP_MAX_IV_LENGTH],
EVP_CIPHER_CTX *ctx, EVP_MAC_CTX *hctx, int enc))We have some experience implementing cmd's off of the SSL_CTX_callback_ctrl entry point (presently just SslCtrl::SetTlsExtServerNameCallback) but this callback also needs initialized EVP_CIPHER_CTX and EVP_MAC_CTX arguments. Should these be modeled similar to EVP_PKEY?
ctz
At the moment client-side session caching only respects
SSL_CTX_sess_set_cache_size, but not the cache mode, callbacks,SSL_get_sessionetc.Meaningfully implementing
SSL_get_sessionwould mean rustls client sessions would need to become serialisable -- they currently are not.