Fix TLS session resumption via IDs when Mutual TLS is used

This commit fixes TLS session resumption via session IDs when client certificates are used. To do so it makes sure that session ID contexts are set within server TLS contexts. See OpenSSL documentation for 'SSL_CTX_set_session_id_context()', the "Warnings" section.
2025-08-29 13:38:26 +00:00 · 2022-12-09 18:44:01 +02:00 · 2022-12-09 18:44:01 +02:00 · 837fef78b1
commit 837fef78b1
parent 39e57ab133
3 changed files with 44 additions and 0 deletions
--- a/lib/isc/include/isc/tls.h
+++ b/lib/isc/include/isc/tls.h
@ -563,6 +563,26 @@ isc_tlsctx_cache_find(
 *		relation between stores and contexts.
 */

+void
+isc_tlsctx_set_random_session_id_context(isc_tlsctx_t *ctx);
+/*%<
+ * Set context within which session can be reused to a randomly
+ * generated value. This one is used for TLS session resumption using
+ * session IDs. See OpenSSL documentation for
+ * 'SSL_CTX_set_session_id_context()'.
+ *
+ * It might be worth noting that usually session ID contexts are kept
+ * static for an application and particular certificate
+ * combination. However, for the cases when exporting server side TLS
+ * session cache to/loading from external memory is not required, we
+ * might use random IDs just fine. See,
+ * e.g. 'ngx_ssl_session_id_context()' in NGINX for an example of how
+ * a session ID might be obtained.
+ *
+ * Requires:
+ *\li   'ctx' - a valid non-NULL pointer;
+ */
+
 void
 isc__tls_initialize(void);

--- a/lib/isc/tls.c
+++ b/lib/isc/tls.c
@ -1728,3 +1728,16 @@ isc_tlsctx_client_session_cache_getctx(
 	REQUIRE(VALID_TLSCTX_CLIENT_SESSION_CACHE(cache));
 	return (cache->ctx);
 }
+
+void
+isc_tlsctx_set_random_session_id_context(isc_tlsctx_t *ctx) {
+	uint8_t session_id_ctx[SSL_MAX_SID_CTX_LENGTH] = { 0 };
+	const size_t len = ISC_MIN(20, sizeof(session_id_ctx));
+
+	REQUIRE(ctx != NULL);
+
+	RUNTIME_CHECK(RAND_bytes(session_id_ctx, len) == 1);
+
+	RUNTIME_CHECK(
+		SSL_CTX_set_session_id_context(ctx, session_id_ctx, len) == 1);
+}
--- a/lib/ns/listenlist.c
+++ b/lib/ns/listenlist.c
@ -64,6 +64,17 @@ listenelt_create(isc_mem_t *mctx, in_port_t port, isc_dscp_t dscp,
 				goto tls_error;
 			}

+			/*
+			 * We need to initialise session ID context to make TLS
+			 * session resumption work correctly - in particular in
+			 * the case when client certificates are used (Mutual
+			 * TLS) - otherwise resumption attempts will lead to
+			 * handshake failures. See OpenSSL documentation for
+			 * 'SSL_CTX_set_session_id_context()', the "Warnings"
+			 * section.
+			 */
+			isc_tlsctx_set_random_session_id_context(sslctx);
+
 			/*
 			 * If CA-bundle file is specified - enable client
 			 * certificates validation.