-
Notifications
You must be signed in to change notification settings - Fork 335
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
api: client tls session resumption #4293
base: main
Are you sure you want to change the base?
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #4293 +/- ##
==========================================
+ Coverage 65.98% 66.00% +0.02%
==========================================
Files 197 197
Lines 23964 23964
==========================================
+ Hits 15813 15818 +5
+ Misses 7025 7022 -3
+ Partials 1126 1124 -2 ☔ View full report in Codecov by Sentry. |
@@ -15,6 +15,20 @@ type ClientTLSSettings struct { | |||
// +optional | |||
ClientValidation *ClientValidationContext `json:"clientValidation,omitempty"` | |||
TLSSettings `json:",inline"` | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could we explain here what is the default strategy used by Envoy/EG - no TLS resumption, stateless TLS resumption, or Ssateful TLS resumption?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could we add an intermediate layer SessionResumption
here to group all the session-related parameters? This approach looks more intuitive to me.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added a list of "typed" resumption settings and included docs explaining the default EG behavior.
api/v1alpha1/tls_types.go
Outdated
// https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#extensions-transport-sockets-tls-v3-tlssessionticketkeys | ||
// +kubebuilder:validation:MaxItems=16 | ||
// +optional | ||
SessionTicketKeysRef []gwapiv1.SecretObjectReference `json:"sessionTicketKeysRef,omitempty"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we mention the risks of the shared ticket secret and suggestions to mitigate the risks? Like Envoy does: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#envoy-v3-api-msg-extensions-transport-sockets-tls-v3-tlssessionticketkeys
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
after discussion yesterday, I reduced the scope of this PR to only deal with enable/disable of resumption. The types now include an explanation of performance, HA, functional and security impacts of different resumption methods.
api/v1alpha1/tls_types.go
Outdated
// Note that improper handling of session ticket encryption keys may result in loss of secrecy. | ||
// https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#extensions-transport-sockets-tls-v3-tlssessionticketkeys | ||
// Default: true | ||
Enabled *bool `json:"enabled,omitempty"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we add an intermediate layer, Enabled
can replaced with a Type
, aligning it with other EG APIs.
SessionResumption:
Type: Stateless
keys:
- ...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good input, I adopted this format.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Rethink on this, a fixed list of 2 elements seems a bit strange, what about the following structure? cc @arkodg as he always has great idea on how to shape the API :-)
SessionResumptionSettings:
stateful: {}
stateless: {}
Following yesterday's community meeting, some additional industry context. Currently, Mozilla's SSL config generator recommends disabling stateless resumption (session tickets) for nginx, apache and haproxy for security reasons.
This is mostly due to insufficient rotation of session ticket encryption keys in these projects. There is an ongoing discussion on changing the recommendation for newer versions of nginx where keys are rotated: mozilla/server-side-tls#135. BoringSSL rotates encryption keys by default every 48 hours: https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Session-tickets. Envoy doesn't change this behavior or make the rotation schedule configurable. Industry leaders like cloudflare rotate session ticket encryption keys every hour: https://blog.cloudflare.com/keyless-ssl-the-nitty-gritty-technical-details/. There is no security recommendation to disable stateful session resumption. However:
nginx ingress by default disables stateful and stateless session resumption, but makes it possible to opt-in:
I propose that we change the current behavior and disable both resumption methods by default, but allow users to opt-in similar to nginx ingress. |
Signed-off-by: Guy Daich <[email protected]>
Signed-off-by: Guy Daich <[email protected]>
c6f91b3
to
7f02edf
Compare
Signed-off-by: Guy Daich <[email protected]>
What type of PR is this?
What this PR does / why we need it:
Introduces an API for TLS session management:
Envoy recommends rotating ticket encryption keys frequently. Multiple keys should be managed: a primary encryption key and one or more (previously rotated) decryption keys. Due to the complexity involved, Envoy-Gateway managed encryption keys are left out as future improvement.
Which issue(s) this PR fixes:
related #4268