Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Router SSL configuration: allow specification of SSL session ticket key #122

Open
james-thimont-bcgdv opened this issue Feb 18, 2016 · 2 comments
Open

Router SSL configuration: allow specification of SSL session ticket key #122

james-thimont-bcgdv opened this issue Feb 18, 2016 · 2 comments
Labels
enhancement help wanted proposal

Comments

@james-thimont-bcgdv
Copy link

If we want to scale the NGINX instance to more than one instance and use SSL session tickets, each instance must have the same key.

Could you add that to the router annotation configuration?

Or even better could Deis automatically rotate the keys?
https://blog.twitter.com/2013/forward-secrecy-at-twitter-0
@krancour krancour self-assigned this Feb 18, 2016
@felixbuenemann
Copy link
Contributor

I noticed the same. This could probably be handled by storing the session key into a secret then this secret could be updated and nginx would reload the configuration. Rotating the keys could then be scripted using kubectl or the kubernetes api.

@Cryptophobia Cryptophobia mentioned this issue Mar 13, 2018
Open
@Cryptophobia
Copy link

This issue was moved to teamhephy/router#23

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement help wanted proposal
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@felixbuenemann @bacongobbler @krancour @james-thimont-bcgdv @Cryptophobia