Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Router SSL configuration: allow specification of SSL session ticket key #23

Open
Cryptophobia opened this issue Mar 13, 2018 · 1 comment
Open

Router SSL configuration: allow specification of SSL session ticket key #23

Cryptophobia opened this issue Mar 13, 2018 · 1 comment
Labels
enhancement help wanted proposal

Comments

@Cryptophobia
Copy link
Member

From @james-thimont-bcgdv on February 18, 2016 11:16

If we want to scale the NGINX instance to more than one instance and use SSL session tickets, each instance must have the same key.

Could you add that to the router annotation configuration?

Or even better could Deis automatically rotate the keys?
https://blog.twitter.com/2013/forward-secrecy-at-twitter-0

Copied from original issue: deis/router#122
@Cryptophobia
Copy link
Member Author

From @felixbuenemann on August 9, 2016 20:13

I noticed the same. This could probably be handled by storing the session key into a secret then this secret could be updated and nginx would reload the configuration. Rotating the keys could then be scripted using kubectl or the kubernetes api.

@Cryptophobia Cryptophobia mentioned this issue Mar 13, 2018
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement help wanted proposal
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Cryptophobia