[MDEV-15341] Disable TLS session tickets Created: 2018-02-17  Updated: 2018-08-31  Resolved: 2018-08-31

Status: Closed
Project: MariaDB Server
Component/s: SSL
Fix Version/s: N/A

Type: Task Priority: Minor
Reporter: Georg Richter Assignee: Sergei Golubchik
Resolution: Won't Fix Votes: 0
Labels: None

Attachments: PNG File Screenshot from 2018-02-17 10-23-52.png     PNG File Screenshot from 2018-02-17 10-49-39.png     File no_ticket.patch    
Issue Links:
Relates
relates to MDEV-10803 connection timeout doesn't work for S... Open
Sprint: 10.2.14

 Description   

By default the RFC5077 (TLS session ticket) extension is enabled in MariaDB server.

When connecting via Windows SChannel (which uses session tickets by default) the handshake fails sometimes, since the server isn't able to send a session ticket (see 2nd screenshot: Instead of sending the session ticket, server sends a 92 byte packet, containing the error message "Bad handshake").

Proposal: Fix or disable session tickets in server.

How to repeat:

C:\>mysql -uuser -ppassword -hmariadbtls2.cvz6gk5op1wk.us-east-1.rds.amazonaws.com --ssl -e"select @@version_ssl_library";
 
+--------------------------------+
 
| @@version_ssl_library          |
 
+--------------------------------+
 
| OpenSSL 1.0.1k-fips 8 Jan 2015 |
 
+--------------------------------+
 
 
 
C:\>mysql -uuser -ppassword -hmariadbtls2.cvz6gk5op1wk.us-east-1.rds.amazonaws.com --ssl -e"select @@version_ssl_library";
 
ERROR 2026 (HY000): Unknown SSL error (0x80090308)



 Comments   
Comment by Georg Richter [ 2018-02-19 ]

After setting SSL_OP_NO_TICKET I wasn't able to reproduce issue anymore.

Beside setting SSL_OP_NO_TICKET all server status variables which refer to session caching should be removed.

Comment by Sergei Golubchik [ 2018-03-09 ]

Why does the server sometimes send a wrong packet?

Comment by Georg Richter [ 2018-03-11 ]

Hi Serg,

as you can see in 2nd screenshot the server is sending the Server Hello packet and immediately after it a 92 bytes long packet (with error code 08S02 "bad handshake").

Please also note that the server never does an SSL_shutdown, which means the tickets in cache are still marked as in use and can't be reused therefore. See also https://nachtimwald.com/2014/10/05/server-side-session-cache-in-openssl/

I'm also curious why session ticketing is supported in server but no single test is available.

Comment by Sergei Golubchik [ 2018-03-13 ]

Right, I see that. But why the server is doing that? Only sometimes and only when talking to an SChannel client, as far as I understand.

And what do you mean "sever never does SSL_shutdown"? Of course it does, just run any ssl test with a breakpoint on SSL_shutdown

Comment by Georg Richter [ 2018-03-13 ]

Serg,

actually I don't know why the server is doing that - and I'm not sure if I should spend more time to debug this until we decide to officially support RFC5077. According to latest TLS 1.3 draft it's obsoleted in TLS v.1.3

Windows Schannel by default supports RFC5077, however there is no option to disable it via API (unless you disable it globally over registry).

Comment by Sergei Golubchik [ 2018-06-11 ]

Looks like session resumption never worked in libmysqlclient, because libmysqlclient never tries to reuse SSL_SESSION. It uses neither SSL_get1_session() nor SSL_set_session() and SSL_session_reused() is always 0.

But Connector/C supports session reuse, even if it's currently disabled. Other connectors might support it too.

This RFC5077 issue between OpenSSL and SChannel is not MariaDB specific, I found other references to it (e.g. with Windows client and Apache+OpenSSL).

So, I'd rather enable session reuse in C/C to make use of this optimization.

Generated at Thu Feb 08 08:20:33 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.