Re: [TLS] Security concerns around co-locating TLS and non-secure
Martin Rex <mrex@sap.com> Thu, 11 November 2010 23:42 UTC
Return-Path: <mrex@sap.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 30D9E3A657C for <tls@core3.amsl.com>; Thu, 11 Nov 2010 15:42:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.728
X-Spam-Level:
X-Spam-Status: No, score=-9.728 tagged_above=-999 required=5 tests=[AWL=-0.079, BAYES_00=-2.599, HELO_EQ_DE=0.35, J_CHICKENPOX_48=0.6, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8wCsPaQmQmNQ for <tls@core3.amsl.com>; Thu, 11 Nov 2010 15:42:32 -0800 (PST)
Received: from smtpde01.sap-ag.de (smtpde01.sap-ag.de [155.56.68.170]) by core3.amsl.com (Postfix) with ESMTP id 3E95A3A6452 for <tls@ietf.org>; Thu, 11 Nov 2010 15:42:31 -0800 (PST)
Received: from mail.sap.corp by smtpde01.sap-ag.de (26) with ESMTP id oABNgu2G001090 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 12 Nov 2010 00:43:01 +0100 (MET)
From: Martin Rex <mrex@sap.com>
Message-Id: <201011112342.oABNgt6C021391@fs4113.wdf.sap.corp>
To: mrex@sap.com
Date: Fri, 12 Nov 2010 00:42:55 +0100
In-Reply-To: <201011112246.oABMkHI5018216@fs4113.wdf.sap.corp> from "Martin Rex" at Nov 11, 10 11:46:17 pm
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Scanner: Virus Scanner virwal04
X-SAP: out
Cc: tls@ietf.org
Subject: Re: [TLS] Security concerns around co-locating TLS and non-secure
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Nov 2010 23:42:37 -0000
Martin Rex wrote: > > Nicolas Williams wrote: > > > > I suspect the issue is that session resumption is generally not feasible > > due to a) lack of implementation of session resumption without > > server-side state, b) the need to cluster services making it difficult > > to share server-side session resumption state. Which would mean that > > every TLS connection involves public key operations. > > For those services that use either a NAT or DNS-A-round-robin load > balancing, TLS session caching might be an issue. Especially > when clients are still using HTTP 1.0 (i.e. no keep-alive), like > when they're behind a proxy and use HTTP/1.0 by default for proxy > traversal -- which appears to be the default for a certain (huge) > installed base... > > Trying to load off server state on the client as a TLS session cookie > might not be a solution for many scenarios, because it is simply not > available in many implementations and the server-side state might > be "huge" whereas the communication frequency and message size > might be tiny -- which easily results in a _magnitude_ higher load > when switching from HTTP to HTTPS. Btw. there are load balancers that can take the SSL session ID into account when balancing load and ensure that requests with the same SSL session ID end up at the same backend server, which significantly improves the TLS session resume ratio. When there are certain usage peaks on TLS servers, adequate session cache size&lifetime management can make a huge difference. If you have a server running with TLS that is hit by a lot of requests, you probably want a high percentage of TLS session resumes on those connections so that you do not max out on the CPU usage because of the TLS handshakes. When we had a customer with peak load problems several years ago with the CPU load of his 8-way server at 90% and fairly disappointing response times. I looked at SSL session characteristics and noticed a poor full-HS/resume ratio (6000:21 in 60 seconds), indicating that our default session cache size and lifetime were not adequate for that usage profile and that cache pruning apparently didn't work (bug). So I asked the customer to set a larger tls session cache size and significantly reduce the session cache lifetime, which resulted in a much better full-HS/resume ratio (183:9168 in 120 seconds) and the CPU load of his server dropped back to 15% and the response times were _much_ better. On a busy server, a server-side TLS session cache lifetime in the area of 15-30 minutes is just fine to keep the CPU load at acceptable levels. I haven't come around to write a code for an automatic dynamic cache size&lifetime adjustment depending on the server's load and usage patterns. The way how OpenSSL manages cache lifetime might not be useful for such management, because rather than session creation time, OpenSSL calculates on session creation when a session should be expired on current parameters and only stores that time in the cache. For dynamic adjustments when the cache is close to full, I prefer to have cache lifetime adjustments affect all cache contents immediately based on the true session age, not just new sessions (for which there is not much room left). -Martin
- [TLS] Security concerns around co-locating TLS an… Magnus Westerlund
- Re: [TLS] Security concerns around co-locating TL… Michael D'Errico
- Re: [TLS] Security concerns around co-locating TL… Paul Hoffman
- Re: [TLS] Security concerns around co-locating TL… Magnus Westerlund
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Geoffrey Keating
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Richard Hartmann
- Re: [TLS] Security concerns around co-locating TL… Martin Rex
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Richard Hartmann
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Bill Frantz
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Bill Frantz
- Re: [TLS] Security concerns around co-locating TL… Steingruebl, Andy
- Re: [TLS] Security concerns around co-locating TL… t.petch
- Re: [TLS] Security concerns around co-locating TL… Michael D'Errico
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… t.petch
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Michael D'Errico
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Yoav Nir
- Re: [TLS] Security concerns around co-locating TL… Nelson B Bolyard
- Re: [TLS] Security concerns around co-locating TL… Peter Saint-Andre
- Re: [TLS] Security concerns around co-locating TL… Bill Frantz
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Michael D'Errico
- Re: [TLS] Security concerns around co-locating TL… Martin Rex
- Re: [TLS] Security concerns around co-locating TL… Juho Vähä-Herttua
- Re: [TLS] Security concerns around co-locating TL… Juho Vähä-Herttua
- Re: [TLS] Security concerns around co-locating TL… Martin Rex
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Martin Rex
- Re: [TLS] Security concerns around co-locating TL… Martin Rex
- Re: [TLS] Security concerns around co-locating TL… Michael D'Errico
- Re: [TLS] Security concerns around co-locating TL… Nikos Mavrogiannopoulos
- Re: [TLS] Security concerns around co-locating TL… t.petch
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Martin Rex
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Martin Rex
- Re: [TLS] Security concerns around co-locating TL… Michael D'Errico
- Re: [TLS] Security concerns around co-locating TL… Martin Rex
- Re: [TLS] Security concerns around co-locating TL… Martin Rex
- Re: [TLS] Security concerns around co-locating TL… Chris Newman
- Re: [TLS] Security concerns around co-locating TL… Nico Williams
- Re: [TLS] Security concerns around co-locating TL… Matt DeMoss
- Re: [TLS] Security concerns around co-locating TL… Yoav Nir
- Re: [TLS] Security concerns around co-locating TL… Joe Touch