Closed Bug 421378 Opened 16 years ago Closed 6 months ago

Early initialization of server session ID cache keys

Categories

(NSS :: Libraries, defect, P5)

3.12

Tracking

(Not tracked)

RESOLVED INACTIVE

People

(Reporter: wtc, Unassigned)

Right now we do early initialization of server locks,
but we can't do early initialization of server keys
(one for wrapping the master secrets in the session ID
cache, and two new ones for TLS session tickets) because
SSL_ConfigServerSessionIDCache is typically called before
NSS is initialized and therefore can't use the PK11 functions
to create keys.

A possible solution is to add a new SSL server-side init
function, to be called immediately after NSS is initialized,
that performs the early initialization of these keys.

Right now these keys are created lazily in these functions:
http://lxr.mozilla.org/security/ident?i=getWrappingKey
http://lxr.mozilla.org/security/ident?i=ssl3_GetSessionTicketKeysPKCS11
http://lxr.mozilla.org/security/ident?i=ssl3_GetSessionTicketKeys
Depends on: tlsste
Assignee: nobody → wtc
Severity: normal → S3

The bug assignee is inactive on Bugzilla, so the assignee is being reset.

Assignee: wtc → nobody
Severity: S3 → S4
Status: NEW → RESOLVED
Closed: 6 months ago
Priority: -- → P5
Resolution: --- → INACTIVE