On Thu, Jun 12, 2014 at 11:49:39AM +0200, Dimitrios Apostolou wrote:
> >The options start out "clear" by default.
> Are you positive on that? I'm quite sure that SSL_OP_LEGACY_SERVER_CONNECT
> is on for example.

I was not sure. Looking at the code for SSL_CTX_new() in the "master"
development branch, I see options starting as zero, and then if ticket
key initialization fails:

	ret->options |= SSL_OP_NO_TICKET;
	ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;

So yes, it appears that "clear by default" used to be true, but
then ticket support and renegotiation work-arounds were added and
the assumption that the initial slate is clean became false.

Mixing policy settings (SSL_OP_LEGACY_SERVER_CONNECT) which are OK
to clear, with runtime error status (SSL_OP_NO_TICKET) is rather
unfortunate. I would call this a bug.

Failure to automatically generate ticket keys MUST NOT change
policy. For example, the application may provide its own keys later,
and if the user clears the options, tickets should not be used with
missing key material.

So the state bit for lack of keys belongs elsewhere. This would
leave just SSL_OP_LEGACY_SERVER_CONNECT as a default option, which
you may choose to clear. For now, don't clear SSL_OP_NO_TICKET if
it is already set unless you've provided your own session tickets.