nginx-ssl-ja3

Disabled tls tickets

Open device-x opened this issue 2 years ago • 2 comments

Hello. We use nginx with tls tickets for session resumption.

In the nginx patch, at the line https://github.com/fooinha/nginx-ssl-ja3/blob/master/patches/nginx.1.23.1.ssl.extensions.patch#L8, ticket support is explicitly disabled. Tell me what for, and will the module work normally with tls tickets enabled?

Thanks in advance

device-x, Jan 17 '23 08:01

Naturally, tls tickets being enabled will produce 2 different fingerprint values for the same user-agent, for a series of requests.

Maybe there's a way I could make this configurable.

fooinha, Jan 17 '23 08:01

Actually there's the same issue with TLS1.3 session resumption. When the client tries to reuse a psk previously delivered by the server, it adds it in the pre_shared_key (41) extension in the subsequent clientHello, resulting in two different fingerprints. SSL_OP_NO_TICKET does not disable psk generation on server side, as stated by Maxim Dounin: https://mailman.nginx.org/pipermail/nginx-devel/2020-April/013092.html. My approach is to treat extension 41 the same way as GREASE to exclude it from fingerprint.

gbilic, Mar 16 '23 12:03
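
Added example, not part of the thread or the module's code: a Python sketch of the JA3 calculation showing how a resumed TLS 1.3 ClientHello carrying pre_shared_key (41) changes the fingerprint, and how skipping 41 alongside GREASE keeps it stable. The ClientHello values are constructed, and `ignore_exts` is a hypothetical parameter name.

```python
import hashlib

PRE_SHARED_KEY = 41  # TLS 1.3 pre_shared_key extension (RFC 8446)


def is_grease(value):
    """GREASE values (RFC 8701) have the form 0x?A?A with both bytes equal."""
    return (value & 0x0F0F) == 0x0A0A and (value >> 8) == (value & 0xFF)


def ja3_string(hello, ignore_exts=frozenset()):
    """JA3 string: version,ciphers,extensions,curves,point_formats."""
    def field(values, skip=frozenset()):
        # Decimal values joined with '-', GREASE always dropped.
        return "-".join(str(v) for v in values
                        if not is_grease(v) and v not in skip)
    return ",".join([
        str(hello["version"]),
        field(hello["ciphers"]),
        field(hello["extensions"], ignore_exts),  # hypothetical extra filter
        field(hello["curves"]),
        field(hello["point_formats"]),
    ])


def ja3_hash(hello, ignore_exts=frozenset()):
    """JA3 fingerprint: MD5 hex digest of the JA3 string."""
    text = ja3_string(hello, ignore_exts)
    return hashlib.md5(text.encode("ascii")).hexdigest()


# Constructed sample: first connection from a client (no PSK yet).
FIRST = {
    "version": 771,
    "ciphers": [0x1A1A, 4865, 4866, 4867, 49195, 49199],
    "extensions": [0x2A2A, 0, 23, 65281, 10, 11, 35, 16, 5, 13, 51, 45, 43, 21],
    "curves": [0x3A3A, 29, 23, 24],
    "point_formats": [0],
}
# Constructed sample: same client resuming, new GREASE value, 41 appended last.
RESUMED = dict(FIRST,
               extensions=[0x6A6A] + FIRST["extensions"][1:] + [PRE_SHARED_KEY])

if __name__ == "__main__":
    print("standard :", ja3_hash(FIRST), ja3_hash(RESUMED))
    print("skip 41  :", ja3_hash(FIRST, {PRE_SHARED_KEY}),
          ja3_hash(RESUMED, {PRE_SHARED_KEY}))
```

Fingerprints computed with extension 41 skipped will not match those from JA3 tools that include it for resumed handshakes, so apply the same rule on both sides of any comparison.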