Closed Bug 1364300 Opened 7 years ago Closed 7 years ago

Refactor session ticket handling

Categories

(NSS :: Libraries, enhancement)

Product:
NSS
Component:
Libraries
Version:
3.31
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: mt, Unassigned)

Details

This builds on work that ekr did in <https://nss-review.dev.mozaws.net/D116>.

This is primarily a bunch of refactoring.  The construction of a blob of text that is encrypted toward the server is now a new, independent file, with a separate interface.  Also, the handling of session tickets has been broken down into smaller units.

This should allow us to more easily to stateless rejects and other things.  It should also allow us to construct a more robust self-encryption scheme.

This includes a minor functionality change.  Prior to this, a badly formatted ticket would be treated as though the ticket did not exist.  The connection would proceed without resumption if the ticket was corrupted.  However, given the effort we put into encrypting and integrity protecting this data, if the data doesn't parse we should instead abort the connection.

In practice, this should not change how NSS behaves: the chance that a ticket could be corrupted is miniscule.
https://hg.mozilla.org/projects/nss/rev/9508bb17c1e1495befc3694df7b377168151600c

I don't know if the self-encrypt stuff will land with this bug number or not, so I'll keep this open.
self-encrypt code landed.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.