Zi nginx conf_2015
6 likes1,366 views
1. The document discusses TLS session resumption across multiple servers using ngx_lua. It introduces TLS handshakes and session resumption. 2. It describes how ngx_lua can implement cross-host session resumption via session IDs and tickets through Lua scripts while maintaining performance and forward secrecy. Small patches are needed to Nginx/OpenSSL. 3. Key aspects covered are a memcached session store interface, non-blocking I/O, ticket key encryption and rotation, and configuration via Lua scripts without modifying Nginx core. This allows cross-host session resumption compatible with TLSv1.3.
![#nginx #nginxconf30
Sample solution: Augmented nginx conf
Set "ssl_session_cache memcached:<name>[:<host>[:<port>]]"
• Blocking I/O :(
• Need to add session encryption :(
• No tests. :(](https://image.slidesharecdn.com/zinginxconf2015-150924234723-lva1-app6892/85/Zi-nginx-conf_2015-30-320.jpg)
![#nginx #nginxconf
Ticket key rotation
• Rotate the ticket encryption key once a while
• Nginx embeds a key array as OpenSSL ex_data
40
[key_0, key_1, key_2, … key_n]
encryption decryption
[new-key, key_0, key_1, key_2, … key_n]](https://image.slidesharecdn.com/zinginxconf2015-150924234723-lva1-app6892/85/Zi-nginx-conf_2015-40-320.jpg)
![#nginx #nginxconf41
Ticket key rotation
• Lock-free key synchronization
[key_0, key_{n}, key_{n-1}, … key_1, key_0]
[key_0, new-key, key_{n-1}, …, key_1, key_0]
[new-key, new-key, key_{n-1}, …, key_1, key_0]
[new-key, key_{n-1}, new-key, …, key_1, key_0]
[new-key, key_{n-1}, key_{n-2}, …, key_0, new-key]
Key update loop](https://image.slidesharecdn.com/zinginxconf2015-150924234723-lva1-app6892/85/Zi-nginx-conf_2015-41-320.jpg)
Zi nginx conf_2015
- 1. TLS Cross-host Session Resumption via ngx_lua forward secrecy, best practices and more 24/09/2015 Zi Lin zi@cloudflare.com @lziest
- 2. #nginx #nginxconf About Me • System Engineer at CloudFlare Inc. • Touch everything about TLS • Nginx/OpenSSL • CFSSL • Internal system security infrastructure 2
- 3. Agenda #nginx #nginxconf3 1 2 3 4 TLS Handshake 101 Brief introduction on TLS handshake and session resumption Cross-host session resumption Why it poses an engineering problem Session resumption by ngx_lua designs for both session id and session ticket Solve session resumption at CloudFlare How we achieve session resumptions with performance and forward secrecy CC BY 2.0 image by Brenda Clarke
- 4. #nginx #nginxconf TLS Handshake 4 source: https://youtu.be/KvxCv_yrcCY
- 5. #nginx #nginxconf TLS Handshake RSA 5 ClientHello ServerHello ClientKeyExchange Server RandomClient Random Encrypted premaster secret Premaster secret = + +Session Key Finished RSA Private Key
- 6. #nginx #nginxconf TLS Handshake Diffie-Hellman 6 ClientHello ServerHello ServerKeyExchange ClientKeyExchange Server RandomClient Random 6 = + +Session Key +=+= Server DHClient DH Finished
- 7. #nginx #nginxconf TLS Handshake is expensive 7
- 8. #nginx #nginxconf TLS Handshake Performance 8 RSA Decryption ECDH ops/sec, NIST p-curve 0 150 300 450 600 2048 4096 0 650 1300 1950 2600 256 384 521 ops/sec
- 9. #nginx #nginxconf9 TLS Handshake Latency Network Round-trip Latency 0 40ms 80ms 120ms 160ms Local Coast to Coast
- 10. #nginx #nginxconf TLS Session Resumption ClientHello ServerHello Hi Server, Remember me? Yup, let’s reuse the cipher Session Key
- 11. #nginx #nginxconf Resumed by Session ID 11 Hi Server, Remember me? session #2 ClientHello ServerHello Yup, let’s reuse the cipher lookup session idSession Key
- 12. #nginx #nginxconf Resumed by Session ID 12 Hi Server, Remember me? session #100K ClientHello ServerHello Yup, let’s reuse the cipher lookup session id 10K session/sec * 3600 sec * 100 B/session = 3.6GB Session Key
- 13. #nginx #nginxconf Let Clients Do Storage: Session Ticket 13 Finished Session ticket Keep this! lookup ticket key =
- 14. #nginx #nginxconf Resumed by Session Ticket 14 Hi Server, Remember this? ClientHello ServerHello Yup, let’s reuse the cipher lookup ticket key =Session Key Session Ticket
- 16. #nginx #nginxconf Nginx supports both mechanisms! But what if there are >1 servers? 16
- 17. #nginx #nginxconf If each server maintains its own states 17 TLS Handshake Session Resumption Fail
- 18. 0 0.25 0.5 0.75 1 1 2 5 10 100 Success rate The More, The Less Merrier #nginx #nginxconf18
- 19. #nginx #nginxconf CloudFlare must support both session resumption mechanisms across hosts 19 Have to, because some IEs and most Safaris don’t support session ticket yet. https://www.howsmyssl.com
- 20. #nginx #nginxconf CloudFlare must support both session resumption mechanisms across hosts 20 SSL sessions % 0 15 30 45 60 ID Support Ticket Support
- 21. #nginx #nginxconf Cross-host Session Resumption by Id 21 ClientHello ServerHello lookup session id store session by id
- 22. #nginx #nginxconf Cross-host Session Ticket Resumption 22 ClientHello ServerHello lookup ticket key =
- 23. #nginx #nginxconf Forward Secrecy 23 Hi Server, Remember this know ticket key, knows all hours later Hi Server, Remember this
- 24. #nginx #nginxconf Shared ticket key rotation 24 update ticket key timestamp key T_0 T_1 T_2 T_3 key schedule
- 25. #nginx #nginxconf Resumed by session ticket 25 Yup, reuse the cipher Hi Server, Remember this btw, use this next time =re_encrypt( ) ticket key rotated
- 26. #nginx #nginxconf Forward Secrecy 26 Hi Server, Remember this ??? hours later Hi Server, Remember this
- 27. #nginx #nginxconf Cross-host Session Resumption 27 ClientHello ServerHello lookup ticket key = time key T_0 T_1 T_2 T_3 update ticket key
- 28. #nginx #nginxconf Requirements for Cross-Host Session Resumption • Shared key store: memcached interface • Performance - Non-blocking I/O • Performance - multi-tiered caching • Security - Session encryption; Ticket key encryption; • Usability - Easy-to-maintain Configuration 28
- 29. #nginx #nginxconf A new nginx conf module? 29 Shared Memcached session store
- 30. #nginx #nginxconf30 Sample solution: Augmented nginx conf Set "ssl_session_cache memcached:<name>[:<host>[:<port>]]" • Blocking I/O :( • Need to add session encryption :( • No tests. :(
- 31. #nginx #nginxconf • Shared session store: memcached interface • Performance - Non-blocking I/O • Performance - multi-tiered caching • Security - Session encryption • Usability - Script as Configuration • Have Tests! 31 Let’s do it in ngx_lua a.k.a. Openresty
- 32. #nginx #nginxconf32 ngx_lua in a nutshell Write C callbacks in Lua with almost no performance hit
- 33. #nginx #nginxconf33 Follow the path of ssl-cert-by-lua @agentzh
- 34. #nginx #nginxconf OpenSSL TLS server-side state machines 34 • OpenSSL state machine needs to have a state for non-blocking session I/O WaitForReceive WaitForSend ProcessClientMessage WaitForSession WaitForCertCallback* *Need Nginx patch
- 35. #nginx #nginxconf Non-blocking session I/O with Nginx/OpenSSL 35 OpenSSL TLS Handshake State Machine • Event Handler needs to know the handshake is ongoing with session I/O
- 36. #nginx #nginxconf Minimal changes in Nginx/OpenSSL • OpenSSL patch, ported from BoringSSL • Nginx patch (on top of ssl-cert-by-lua patch) 36
- 37. #nginx #nginxconf https://github.com/ openresty/lua-nginx-module 37 branch ssl-session-by-lua on top of ssl-cert-by-lua Development in ngx_lua Still under internal review/testing
- 38. #nginx #nginxconf Lua scripting for Session I/O 38 cache.lua: 250 loc, 7.5kb memc.lua: 298 loc, 8kb shdict.lua: 81 loc, 1.8kb
- 39. #nginx #nginxconf Cross-host Session Ticket Resumption 39 ClientHello ServerHello lookup ticket key =
- 40. #nginx #nginxconf Ticket key rotation • Rotate the ticket encryption key once a while • Nginx embeds a key array as OpenSSL ex_data 40 [key_0, key_1, key_2, … key_n] encryption decryption [new-key, key_0, key_1, key_2, … key_n]
- 41. #nginx #nginxconf41 Ticket key rotation • Lock-free key synchronization [key_0, key_{n}, key_{n-1}, … key_1, key_0] [key_0, new-key, key_{n-1}, …, key_1, key_0] [new-key, new-key, key_{n-1}, …, key_1, key_0] [new-key, key_{n-1}, new-key, …, key_1, key_0] [new-key, key_{n-1}, key_{n-2}, …, key_0, new-key] Key update loop
- 42. #nginx #nginxconf Let’s modify Nginx? • Shared ticket key store: memcached interface • Non-blocking I/O • Implementation of a timer • Ticket key encryption • Configuration 42
- 43. #nginx #nginxconf Let’s do it in ngx_lua 43 • Shared ticket key store: memcached interface • Non-blocking I/O • Implementation of a timer • Ticket key encryption • Configuration
- 44. #nginx #nginxconf44 There is no need to modify Nginx/OpenSSL! Only scripting in nginx.conf Let’s do it in ngx_lua
- 45. #nginx #nginxconf45 periodically poll periodically poll HKG SIN Master timestamp key T_0 T_1 T_2 T_3 timestamp key T_0 T_1 T_2 T_3 timestamp key T_0 T_1 T_2 T_3 Going further at CloudFlare
- 46. #nginx #nginxconf A Sneak Peek into Session resumption in TLSv1.3 46 Finished Session ticket Keep this! lookup ticket key = Session ID
- 47. #nginx #nginxconf Cross-host Session Resumption 47 ClientHello ServerHello lookup ticket key = time key T_0 T_1 T_2 T_3 update ticket key id id
- 48. #nginx #nginxconf Team • Yichun Zhang @agentzh • Nick Sullivan @grittygrease • Shuxin Yang • Jiale Zhi @_calio • Guanlan Dai 48
- 49. #nginx #nginxconf Recap • Cross-host TLS session resumption by id • New ngx_lua directives: ssl_session_store_by_lua ssl_session_fetch_by_lua • Small patches in Nginx/OpenSSL • TLSv1.3 compatible • Cross-host TLS session ticket resumption with forward secrecy • Scripting in init_worker_by_lua and init_by_lua • No need to touch Nginx or OpenSSL • TLSv1.3 compatible 49
- 50. #nginx #nginxconf Caching is necessary • Can’t spend 100ms for each session retrieval • Shared memory cache - workers • Lua cache - single worker • Worse case is pretty rare 50