
Storing Client Certificate in TLS 1.3 stateless tickets and configurable Shard/IV

Open sindrip opened this issue 3 years ago • 1 comments

Feature Proposal and Use Case

I have a use case where I need to verify Client Certificates and pull some data out of the certificate when a client connects.

Now I am implementing session resumption with TLS 1.3 and stateless tickets. During session resumption the client certificate is not requested and so the peer_certificate field is not populated. My proposal is to store the peer_certificate in the opaque ticket field of the NewSessionTicket message (RFC 8446).

With the stateless tickets, I am running multiple instances of the same service and I want any of the instances to be able to accept tickets generated by any of them. This is not possible as the Shard and IV used to encrypt and decrypt the tickets are generated randomly when starting a listener in ssl. My proposal is to allow the user to configure these values. Note that doing this weakens replay protection of the tickets, which can be documented.

Proof of Concept implementation

I have made a proof of concept of these two features based on OTP-24.1.3 implementing the feature; the code changes can be seen here: https://github.com/sindrip/otp/pull/4/files

What would be required to get this feature merged in? (Other than basing off master, adding tests, cleaning up the commits etc.)

Other implementations

Note that encoding the certificate in the ticket seems to be in line with the implementation in the standard library of Go: https://go.dev/src/crypto/tls/handshake_server_tls13.go (see line 278)


sindrip avatar Apr 07 '22 15:04 sindrip
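
Added example (not part of the issue, and not code from OTP or from Go's crypto/tls): a Go illustration of the two ideas in the proposal above, sealing the peer certificate inside the encrypted ticket state and deriving the ticket key from a configured seed so that any instance holding the seed can open the ticket. The seed-to-key derivation, the state layout (32-byte PSK followed by the certificate DER) and all names are assumptions made for illustration, not OTP's ticket format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

const pskLen = 32 // constructed state layout: 32-byte PSK, then the peer certificate DER

// newAEAD derives an AES-256-GCM key from the configured seed (assumed scheme).
func newAEAD(seed []byte) cipher.AEAD {
	key := sha256.Sum256(append([]byte("ticket-key:"), seed...))
	block, _ := aes.NewCipher(key[:]) // cannot fail: the key is always 32 bytes
	aead, _ := cipher.NewGCM(block)   // cannot fail for an AES block cipher
	return aead
}

// sealTicket encrypts PSK || peer certificate under a fresh random nonce.
func sealTicket(seed []byte, psk [pskLen]byte, certDER []byte) ([]byte, error) {
	aead := newAEAD(seed)
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	state := append(psk[:], certDER...)
	return aead.Seal(nonce, nonce, state, nil), nil
}

// openTicket authenticates a ticket and returns the PSK and the stored certificate.
func openTicket(seed, ticket []byte) ([]byte, []byte, error) {
	aead := newAEAD(seed)
	if ns := aead.NonceSize(); len(ticket) >= ns {
		state, err := aead.Open(nil, ticket[:ns], ticket[ns:], nil)
		if err == nil && len(state) >= pskLen {
			return state[:pskLen], state[pskLen:], nil
		}
	}
	return nil, nil, errors.New("ticket rejected")
}

func main() {
	t, _ := sealTicket([]byte("shared seed"), [pskLen]byte{}, []byte("constructed cert"))
	_, cert, err := openTicket([]byte("shared seed"), t) // another instance, same seed
	fmt.Printf("%q %v\n", cert, err)
}
```

An instance started with a different seed rejects the ticket and has to fall back to a full handshake, which is the situation the issue describes for randomly generated per-listener values.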

We have been very busy with the OTP-25 deadline. We will start taking a look at this hopefully next week.

IngelaAndin avatar May 13 '22 15:05 IngelaAndin

closing, as #6362 was merged

u3s avatar Dec 05 '22 07:12 u3s