Monday, December 10, 2007

Keeping OpenSSL up-to-date

OpenSSL is perhaps the most widely used of all cryptographic libraries, both in the open source world and in commercial enterprises. The OpenSSL team is often approached by such enterprises seeking help with specific problems or with features of particular interest to that one enterprise. Less often it is approached by a sponsor with a technical need and the vision to address that need in a way that benefits the open source community as a whole.

OSSI (the Open Source Software Institute) has had a long association with OpenSSL, beginning with work over a five-year period on the groundbreaking FIPS 140-2 validation of an OpenSSL-derived crypto library (implemented largely by Googler Ben Laurie) and continuing with additional validations currently underway, with extensive improvements by Dr. Stephen Henson and others. We were pleased to help facilitate Google's sponsorship of RFC 4507 support in OpenSSL.

RFC 4507, "TLS Session Resumption without Server-Side State", often called "stateless session resumption", is a relatively new standard (a Proposed Standard published in 2006) for a mechanism that lets a TLS server resume sessions without keeping per-client session state. Instead of storing the session in a cache, the server encapsulates the state (master secret, cipher suite and so on) in a ticket that is encrypted and integrity-protected under a key known only to the server, and hands the ticket to the client at the end of the handshake. The client later presents the ticket when it reconnects; the server decrypts it, recovers the session, and both sides complete an abbreviated handshake rather than a full TLS negotiation. The security of every resumed session therefore rests on the ticket key: anyone holding it can recover the state of any ticket it issued, so it must be protected and rotated with the same care as the server's private key.

This mechanism works with any TLS ciphersuite. It uses the TLS extension framework defined in RFC 4366 (a SessionTicket extension carried in the ClientHello and ServerHello) and defines a new handshake message, NewSessionTicket, in which the server delivers the ticket to the client.
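To make the ticket construction concrete, here is an added example in Go (not OpenSSL's code and not from the original post) of the ticket format RFC 4507 section 4 recommends: the session state is encrypted with AES-128-CBC and the key name, IV, length and ciphertext are authenticated with HMAC-SHA-256. The 16-byte key_name, the key sizes, the names `newKey`, `NewTicket` and `OpenTicket`, and the sample session-state bytes are this example's own choices; a real server would serialise its actual session structure into the state.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// TicketKey is the server-side secret a ticket is protected with. Its key_name
// travels in the clear so the server can rotate keys and still recognise
// tickets issued under an older key it has kept (RFC 4507 section 4).
type TicketKey struct {
	Name   [16]byte // key_name
	AESKey [16]byte // AES-128-CBC key
	MACKey [32]byte // HMAC-SHA-256 key
}

func newKey() (*TicketKey, error) {
	k := &TicketKey{}
	for _, b := range [][]byte{k.Name[:], k.AESKey[:], k.MACKey[:]} {
		if _, err := rand.Read(b); err != nil {
			return nil, err
		}
	}
	return k, nil
}

// NewTicket wraps the session state (master secret, cipher suite, ...) in the
// format RFC 4507 section 4 recommends:
//   key_name(16) || IV(16) || length(2) || encrypted_state || MAC(32)
// where MAC = HMAC-SHA-256 over everything before it. The server stores
// nothing: the ticket is the only copy of the state.
func NewTicket(k *TicketKey, state []byte) ([]byte, error) {
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	pad := aes.BlockSize - len(state)%aes.BlockSize // PKCS#7 padding
	plain := append(append([]byte{}, state...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	enc := make([]byte, len(plain))
	block, _ := aes.NewCipher(k.AESKey[:]) // 16-byte key: cannot fail
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(enc, plain)
	t := append(append([]byte{}, k.Name[:]...), iv...)
	t = append(t, byte(len(enc)>>8), byte(len(enc)))
	t = append(t, enc...)
	mac := hmac.New(sha256.New, k.MACKey[:])
	mac.Write(t)
	return mac.Sum(t), nil // Sum appends the 32-byte tag to t
}

// OpenTicket verifies and decrypts a ticket presented by a resuming client.
// Every failure (unknown key_name, bad MAC, malformed body) is an error, so
// the server can ignore the ticket and fall back to a full handshake.
func OpenTicket(keys map[[16]byte]*TicketKey, t []byte) ([]byte, error) {
	if len(t) < 16+16+2+aes.BlockSize+32 {
		return nil, errors.New("ticket too short")
	}
	var name [16]byte
	copy(name[:], t[:16])
	k, ok := keys[name]
	if !ok {
		return nil, errors.New("unknown key_name")
	}
	body, tag := t[:len(t)-32], t[len(t)-32:]
	mac := hmac.New(sha256.New, k.MACKey[:])
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil), tag) { // verify before touching the ciphertext
		return nil, errors.New("bad ticket MAC")
	}
	iv, enc := body[16:32], body[34:]
	if n := int(body[32])<<8 | int(body[33]); n != len(enc) || n%aes.BlockSize != 0 {
		return nil, errors.New("bad encrypted_state length")
	}
	plain := make([]byte, len(enc))
	block, _ := aes.NewCipher(k.AESKey[:])
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(plain, enc)
	pad := int(plain[len(plain)-1]) // strip and check PKCS#7 padding
	if pad == 0 || pad > aes.BlockSize || !bytes.Equal(plain[len(plain)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return nil, errors.New("bad padding")
	}
	return plain[:len(plain)-pad], nil
}

func main() {
	k, _ := newKey()
	ticket, _ := NewTicket(k, []byte("constructed sample session state"))
	got, err := OpenTicket(map[[16]byte]*TicketKey{k.Name: k}, ticket)
	fmt.Printf("resumed %q, err=%v\n", got, err)
}
```

The server keeps only its ticket keys; everything else lives in the ticket the client holds, which is why a group of servers sharing the same keys can resume each other's sessions. Flipping any byte of the ticket fails the MAC check before decryption is attempted, and a ticket under a key_name the server no longer knows is simply ignored, so in both cases the client gets a full handshake rather than an error.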

Stateless session resumption is of particular value in the following situations:

  1. For servers that handle a large volume of transactions from many users

  2. For servers that must cache sessions for a long time

  3. For load balancing requests across servers

  4. For embedded servers with little memory

As an added bonus, RFC 4366 support includes the Server Name Indication (SNI) extension, which lets a client (such as a browser) name the server it wants in its ClientHello, before the server has chosen a certificate. The server can therefore present the right certificate for the requested name, and SSL hosts can finally use name-based virtual hosting instead of burning an IP address per host. The one caveat is that clients which do not send the extension can only be given a default certificate, so the old one-address-per-host arrangement is still needed for them.
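As an added example (not code from the original post or from OpenSSL), the following Go program shows what the server_name extension looks like on the wire and how a server can read it before committing to a certificate. `buildClientHello`, `parseSNI`, `selectCert` and the `certs` table are this example's own names, and the ClientHello it builds is a constructed minimal message, not a capture.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

func u16(n int) []byte { return []byte{byte(n >> 8), byte(n)} }

// buildClientHello returns the body of a minimal TLS 1.0 ClientHello (handshake
// and record headers omitted) carrying a server_name extension for host. This
// is a constructed sample, not a capture, so the random field is all zeros.
func buildClientHello(host string) []byte {
	h := []byte{0x03, 0x01}              // client_version: TLS 1.0
	h = append(h, make([]byte, 32)...)    // random
	h = append(h, 0x00)                   // session_id: empty
	h = append(h, 0x00, 0x02, 0x00, 0x2f) // cipher_suites: TLS_RSA_WITH_AES_128_CBC_SHA
	h = append(h, 0x01, 0x00)             // compression_methods: null
	// ServerNameList (RFC 4366 3.1): one entry of name_type host_name(0), 2-byte length, name
	sn := append(append([]byte{0x00}, u16(len(host))...), host...)
	list := append(u16(len(sn)), sn...)
	ext := append(append([]byte{0x00, 0x00}, u16(len(list))...), list...) // ExtensionType server_name(0)
	return append(append(h, u16(len(ext))...), ext...)
}

// parseSNI walks a ClientHello body and returns the host_name from its
// server_name extension, "" if the client sent none, or an error if the
// message is malformed. Every length field is bounds-checked before use.
func parseSNI(h []byte) (string, error) {
	bad := errors.New("malformed ClientHello")
	p := 2 + 32 // skip client_version and random
	if len(h) < p+1 {
		return "", bad
	}
	p += 1 + int(h[p]) // session_id
	if len(h) < p+2 {
		return "", bad
	}
	p += 2 + int(binary.BigEndian.Uint16(h[p:])) // cipher_suites
	if len(h) < p+1 {
		return "", bad
	}
	p += 1 + int(h[p]) // compression_methods
	if p == len(h) {
		return "", nil // no extensions block: an old client or one connecting by IP
	}
	if len(h) < p+2 || len(h) != p+2+int(binary.BigEndian.Uint16(h[p:])) {
		return "", bad
	}
	for ext := h[p+2:]; len(ext) >= 4; {
		typ, l := binary.BigEndian.Uint16(ext), int(binary.BigEndian.Uint16(ext[2:]))
		if len(ext) < 4+l {
			return "", bad
		}
		body := ext[4 : 4+l]
		ext = ext[4+l:]
		if typ != 0 { // some other extension, e.g. SessionTicket
			continue
		}
		if len(body) < 2 || int(binary.BigEndian.Uint16(body)) != len(body)-2 {
			return "", bad
		}
		for names := body[2:]; len(names) >= 3; {
			n := int(binary.BigEndian.Uint16(names[1:]))
			if len(names) < 3+n {
				return "", bad
			}
			if names[0] == 0 { // NameType host_name
				return string(names[3 : 3+n]), nil
			}
			names = names[3+n:]
		}
	}
	return "", nil
}

// certs is a constructed virtual-host table: server name -> configured certificate.
var certs = map[string]string{"www.example.com": "cert-www", "mail.example.com": "cert-mail"}

// selectCert chooses the certificate to present. Without SNI the only option
// is the default one, which is why each certificate used to need its own IP.
func selectCert(h []byte) (string, error) {
	host, err := parseSNI(h)
	if err != nil {
		return "", err
	}
	if c, ok := certs[host]; ok {
		return c, nil
	}
	return "cert-default", nil
}

func main() {
	c, err := selectCert(buildClientHello("www.example.com"))
	fmt.Println(c, err) // cert-www <nil>
}
```

The parser stops at the first host_name entry, as RFC 4366 permits only one, and treats a ClientHello with no extensions block as "no SNI" rather than as an error, since that is exactly what a pre-RFC 4366 client sends. Truncated or inconsistent length fields are rejected outright; a server that reads SNI from untrusted bytes without those checks is one off-by-one away from an out-of-bounds read.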

The implementation in OpenSSL and the interoperability testing were performed by Steve Henson. This support is available in both the current 0.9.8 product branch and in the development trunk (0.9.9).


  1. The Server Name Indication extension is awesome! Thanks for the tip.

  2. But doesn't the stateless session resumption support break proxies sitting between, say, a gmail server and a client? How do proxies ignore the ticket magic?