Closed Bug 421378 Opened 17 years ago Closed 2 years ago

Early initialization of server session ID cache keys

Categories

(NSS :: Libraries, defect, P5)

Product:
NSS
Component:
Libraries
Version:
3.12
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED INACTIVE

People

(Reporter: wtc, Unassigned)

References

Details

Right now we do early initialization of server locks, but we can't do early initialization of server keys (one for wrapping the master secrets in the session ID cache, and two new ones for TLS session tickets) because SSL_ConfigServerSessionIDCache is typically called before NSS is initialized and therefore can't use the PK11 functions to create keys. A possible solution is to add a new SSL server-side init function, to be called immediately after NSS is initialized, that performs the early initialization of these keys. Right now these keys are created lazily in these functions: http://lxr.mozilla.org/security/ident?i=getWrappingKey http://lxr.mozilla.org/security/ident?i=ssl3_GetSessionTicketKeysPKCS11 http://lxr.mozilla.org/security/ident?i=ssl3_GetSessionTicketKeys
Depends on: tlsste
Assignee: nobody → wtc
Severity: normal → S3

The bug assignee is inactive on Bugzilla, so the assignee is being reset.

Assignee: wtc → nobody
Severity: S3 → S4
Status: NEW → RESOLVED
Closed: 2 years ago
Priority: -- → P5
Resolution: --- → INACTIVE
You need to log in before you can comment on or make changes to this bug.