Early initialization of server session ID cache keys

NEW
NSS
Libraries
10 years ago

People

(Reporter: Wan-Teh Chang, Assigned: Wan-Teh Chang)


Description

10 years ago
Right now we do early initialization of server locks,
but we can't do early initialization of server keys
(one for wrapping the master secrets in the session ID
cache, and two new ones for TLS session tickets) because
SSL_ConfigServerSessionIDCache is typically called before
NSS is initialized and therefore can't use the PK11 functions
to create keys.

A possible solution is to add a new SSL server-side init
function, to be called immediately after NSS is initialized,
that performs the early initialization of these keys.

Right now these keys are created lazily in these functions:
http://lxr.mozilla.org/security/ident?i=getWrappingKey
http://lxr.mozilla.org/security/ident?i=ssl3_GetSessionTicketKeysPKCS11
http://lxr.mozilla.org/security/ident?i=ssl3_GetSessionTicketKeys
Depends on: 403563
Assignee: nobody → wtc
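
The ordering problem described in this bug, as a small C model added here (it is not NSS code and not from the reporter). Every `model_*` name is hypothetical, and `model_keygen` is a stand-in for the PK11 key creation that cannot work until the crypto library is initialized.

```c
#include <pthread.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical model, not NSS code. crypto_ready stands in for "NSS is initialized". */
static bool crypto_ready;
static pthread_mutex_t key_lock = PTHREAD_MUTEX_INITIALIZER; /* the lock exists early */
static unsigned char wrap_key[16];
static bool wrap_key_ready;
static int lazy_creations; /* keys created on the first-use path */

/* Stand-in for PK11 key creation: unusable before the crypto library is up. */
static int model_keygen(unsigned char *out, size_t len) {
    if (!crypto_ready) return -1;
    memset(out, 0xA5, len); /* constructed filler, not real key material */
    return 0;
}

void model_crypto_init(void) { crypto_ready = true; }

/* Create the key under the lock if absent: 1 = created, 0 = already there, -1 = failed. */
static int ensure_key(bool on_demand) {
    int rv = 0;
    pthread_mutex_lock(&key_lock);
    if (!wrap_key_ready) {
        rv = model_keygen(wrap_key, sizeof wrap_key) == 0 ? 1 : -1;
        wrap_key_ready = (rv == 1);
        if (rv == 1 && on_demand) lazy_creations++;
    }
    pthread_mutex_unlock(&key_lock);
    return rv;
}

/* Models the cache-config call: it runs before crypto init, so key setup fails here. */
int model_config_cache(void) { return ensure_key(false); }

/* Lazy path: the key is created by whichever caller needs it first. */
const unsigned char *model_get_wrapping_key(void) {
    return ensure_key(true) < 0 ? NULL : wrap_key;
}

/* Proposed server-side init: called right after crypto init, before any key use. */
int model_server_early_init(void) { return ensure_key(false) < 0 ? -1 : 0; }

int model_lazy_creations(void) { return lazy_creations; }

int main(void) { model_crypto_init(); return model_server_early_init(); }
```
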