Downloaded 25 times
![#nginx #nginxconf30
Sample solution: Augmented nginx conf
Set "ssl_session_cache memcached:<name>[:<host>[:<port>]]"
• Blocking I/O :(
• Need to add session encryption :(
• No tests. :(](https://image.slidesharecdn.com/zinginxconf2015-150924234723-lva1-app6892/85/Zi-nginx-conf_2015-30-320.jpg)
![#nginx #nginxconf
Ticket key rotation
• Rotate the ticket encryption key once a while
• Nginx embeds a key array as OpenSSL ex_data
40
[key_0, key_1, key_2, … key_n]
encryption decryption
[new-key, key_0, key_1, key_2, … key_n]](https://image.slidesharecdn.com/zinginxconf2015-150924234723-lva1-app6892/85/Zi-nginx-conf_2015-40-320.jpg)
![#nginx #nginxconf41
Ticket key rotation
• Lock-free key synchronization
[key_0, key_{n}, key_{n-1}, … key_1, key_0]
[key_0, new-key, key_{n-1}, …, key_1, key_0]
[new-key, new-key, key_{n-1}, …, key_1, key_0]
[new-key, key_{n-1}, new-key, …, key_1, key_0]
[new-key, key_{n-1}, key_{n-2}, …, key_0, new-key]
Key update loop](https://image.slidesharecdn.com/zinginxconf2015-150924234723-lva1-app6892/85/Zi-nginx-conf_2015-41-320.jpg)
Uploaded byZi Lin
Zi nginx conf_2015
1. The document discusses TLS session resumption across multiple servers using ngx_lua. It introduces TLS handshakes and session resumption. 2. It describes how ngx_lua can implement cross-host session resumption via session IDs and tickets through Lua scripts while maintaining performance and forward secrecy. Small patches are needed to Nginx/OpenSSL. 3. Key aspects covered are a memcached session store interface, non-blocking I/O, ticket key encryption and rotation, and configuration via Lua scripts without modifying Nginx core. This allows cross-host session resumption compatible with TLSv1.3.
More Related Content
Zi nginx conf_2015
- 1. TLS Cross-host Session Resumptionvia ngx_lua forward secrecy, best practices and more 24/09/2015 Zi Lin zi@cloudflare.com @lziest
- 2. #nginx #nginxconf About Me •System Engineer at CloudFlare Inc. • Touch everything about TLS • Nginx/OpenSSL • CFSSL • Internal system security infrastructure 2
- 3. Agenda #nginx #nginxconf3 1 2 3 4 TLS Handshake101 Brief introduction on TLS handshake and session resumption Cross-host session resumption Why it poses an engineering problem Session resumption by ngx_lua designs for both session id and session ticket Solve session resumption at CloudFlare How we achieve session resumptions with performance and forward secrecy CC BY 2.0 image by Brenda Clarke
- 4. #nginx #nginxconf TLS Handshake 4 source:https://youtu.be/KvxCv_yrcCY
- 5. #nginx #nginxconf TLS Handshake RSA 5 ClientHello ServerHello ClientKeyExchange ServerRandomClient Random Encrypted premaster secret Premaster secret = + +Session Key Finished RSA Private Key
- 6. #nginx #nginxconf TLS Handshake Diffie-Hellman 6 ClientHello ServerHello ServerKeyExchange ClientKeyExchange ServerRandomClient Random 6 = + +Session Key +=+= Server DHClient DH Finished
- 7. #nginx #nginxconf TLS Handshakeis expensive 7
- 8. #nginx #nginxconf TLS Handshake Performance 8 RSADecryption ECDH ops/sec, NIST p-curve 0 150 300 450 600 2048 4096 0 650 1300 1950 2600 256 384 521 ops/sec
- 9. #nginx #nginxconf9 TLS Handshake Latency NetworkRound-trip Latency 0 40ms 80ms 120ms 160ms Local Coast to Coast
- 10. #nginx #nginxconf TLS SessionResumption ClientHello ServerHello Hi Server, Remember me? Yup, let’s reuse the cipher Session Key
- 11. #nginx #nginxconf Resumed bySession ID 11 Hi Server, Remember me? session #2 ClientHello ServerHello Yup, let’s reuse the cipher lookup session idSession Key
- 12. #nginx #nginxconf Resumed bySession ID 12 Hi Server, Remember me? session #100K ClientHello ServerHello Yup, let’s reuse the cipher lookup session id 10K session/sec * 3600 sec * 100 B/session = 3.6GB Session Key
- 13. #nginx #nginxconf Let ClientsDo Storage: Session Ticket 13 Finished Session ticket Keep this! lookup ticket key =
- 14. #nginx #nginxconf Resumed bySession Ticket 14 Hi Server, Remember this? ClientHello ServerHello Yup, let’s reuse the cipher lookup ticket key =Session Key Session Ticket
- 15.
- 16. #nginx #nginxconf Nginx supportsboth mechanisms! But what if there are >1 servers? 16
- 17. #nginx #nginxconf If eachserver maintains its own states 17 TLS Handshake Session Resumption Fail
- 18. 0 0.25 0.5 0.75 1 1 2 510 100 Success rate The More, The Less Merrier #nginx #nginxconf18
- 19. #nginx #nginxconf CloudFlare mustsupport both session resumption mechanisms across hosts 19 Have to, because some IEs and most Safaris don’t support session ticket yet. https://www.howsmyssl.com
- 20. #nginx #nginxconf CloudFlare mustsupport both session resumption mechanisms across hosts 20 SSL sessions % 0 15 30 45 60 ID Support Ticket Support
- 21. #nginx #nginxconf Cross-host SessionResumption by Id 21 ClientHello ServerHello lookup session id store session by id
- 22. #nginx #nginxconf Cross-host SessionTicket Resumption 22 ClientHello ServerHello lookup ticket key =
- 23. #nginx #nginxconf Forward Secrecy 23 HiServer, Remember this know ticket key, knows all hours later Hi Server, Remember this
- 24. #nginx #nginxconf Shared ticketkey rotation 24 update ticket key timestamp key T_0 T_1 T_2 T_3 key schedule
- 25. #nginx #nginxconf Resumed bysession ticket 25 Yup, reuse the cipher Hi Server, Remember this btw, use this next time =re_encrypt( ) ticket key rotated
- 26. #nginx #nginxconf Forward Secrecy 26 HiServer, Remember this ??? hours later Hi Server, Remember this
- 27. #nginx #nginxconf Cross-host Session Resumption 27 ClientHello ServerHello lookup ticketkey = time key T_0 T_1 T_2 T_3 update ticket key
- 28. #nginx #nginxconf Requirements forCross-Host Session Resumption • Shared key store: memcached interface • Performance - Non-blocking I/O • Performance - multi-tiered caching • Security - Session encryption; Ticket key encryption; • Usability - Easy-to-maintain Configuration 28
- 29. #nginx #nginxconf A newnginx conf module? 29 Shared Memcached session store
- 30. #nginx #nginxconf30 Sample solution:Augmented nginx conf Set "ssl_session_cache memcached:<name>[:<host>[:<port>]]" • Blocking I/O :( • Need to add session encryption :( • No tests. :(
- 31. #nginx #nginxconf • Sharedsession store: memcached interface • Performance - Non-blocking I/O • Performance - multi-tiered caching • Security - Session encryption • Usability - Script as Configuration • Have Tests! 31 Let’s do it in ngx_lua a.k.a. Openresty
- 32. #nginx #nginxconf32 ngx_lua ina nutshell Write C callbacks in Lua with almost no performance hit
- 33. #nginx #nginxconf33 Follow thepath of ssl-cert-by-lua @agentzh
- 34. #nginx #nginxconf OpenSSL TLSserver-side state machines 34 • OpenSSL state machine needs to have a state for non-blocking session I/O WaitForReceive WaitForSend ProcessClientMessage WaitForSession WaitForCertCallback* *Need Nginx patch
- 35. #nginx #nginxconf Non-blocking sessionI/O with Nginx/OpenSSL 35 OpenSSL TLS Handshake State Machine • Event Handler needs to know the handshake is ongoing with session I/O
- 36. #nginx #nginxconf Minimal changesin Nginx/OpenSSL • OpenSSL patch, ported from BoringSSL • Nginx patch (on top of ssl-cert-by-lua patch) 36
- 37. #nginx #nginxconf https://github.com/ openresty/lua-nginx-module 37 branch ssl-session-by-luaon top of ssl-cert-by-lua Development in ngx_lua Still under internal review/testing
- 38. #nginx #nginxconf Lua scriptingfor Session I/O 38 cache.lua: 250 loc, 7.5kb memc.lua: 298 loc, 8kb shdict.lua: 81 loc, 1.8kb
- 39. #nginx #nginxconf Cross-host SessionTicket Resumption 39 ClientHello ServerHello lookup ticket key =
- 40. #nginx #nginxconf Ticket keyrotation • Rotate the ticket encryption key once a while • Nginx embeds a key array as OpenSSL ex_data 40 [key_0, key_1, key_2, … key_n] encryption decryption [new-key, key_0, key_1, key_2, … key_n]
- 41. #nginx #nginxconf41 Ticket keyrotation • Lock-free key synchronization [key_0, key_{n}, key_{n-1}, … key_1, key_0] [key_0, new-key, key_{n-1}, …, key_1, key_0] [new-key, new-key, key_{n-1}, …, key_1, key_0] [new-key, key_{n-1}, new-key, …, key_1, key_0] [new-key, key_{n-1}, key_{n-2}, …, key_0, new-key] Key update loop
- 42. #nginx #nginxconf Let’s modifyNginx? • Shared ticket key store: memcached interface • Non-blocking I/O • Implementation of a timer • Ticket key encryption • Configuration 42
- 43. #nginx #nginxconf Let’s doit in ngx_lua 43 • Shared ticket key store: memcached interface • Non-blocking I/O • Implementation of a timer • Ticket key encryption • Configuration
- 44. #nginx #nginxconf44 There isno need to modify Nginx/OpenSSL! Only scripting in nginx.conf Let’s do it in ngx_lua
- 45. #nginx #nginxconf45 periodically poll periodically poll HKG SIN Master timestamp key T_0 T_1 T_2 T_3 timestampkey T_0 T_1 T_2 T_3 timestamp key T_0 T_1 T_2 T_3 Going further at CloudFlare
- 46. #nginx #nginxconf A SneakPeek into Session resumption in TLSv1.3 46 Finished Session ticket Keep this! lookup ticket key = Session ID
- 47. #nginx #nginxconf Cross-host Session Resumption 47 ClientHello ServerHello lookup ticketkey = time key T_0 T_1 T_2 T_3 update ticket key id id
- 48. #nginx #nginxconf Team • YichunZhang @agentzh • Nick Sullivan @grittygrease • Shuxin Yang • Jiale Zhi @_calio • Guanlan Dai 48
- 49. #nginx #nginxconf Recap • Cross-hostTLS session resumption by id • New ngx_lua directives: ssl_session_store_by_lua ssl_session_fetch_by_lua • Small patches in Nginx/OpenSSL • TLSv1.3 compatible • Cross-host TLS session ticket resumption with forward secrecy • Scripting in init_worker_by_lua and init_by_lua • No need to touch Nginx or OpenSSL • TLSv1.3 compatible 49
- 50. #nginx #nginxconf Caching isnecessary • Can’t spend 100ms for each session retrieval • Shared memory cache - workers • Lua cache - single worker • Worse case is pretty rare 50