summaryrefslogtreecommitdiff
path: root/modules/caddyhttp
diff options
context:
space:
mode:
authorMatthew Holt <mholt@users.noreply.github.com>2019-10-09 19:38:26 -0600
committerMatthew Holt <mholt@users.noreply.github.com>2019-10-09 19:38:26 -0600
commitdedcfd4e3da1297cda2d09776e7c8135e0d960ce (patch)
tree96cc725c5c8ac246ba8df91e38b49e1bcfac8378 /modules/caddyhttp
parent20fe9cf024898c73725eab0d4306dfd3b6ccd6d8 (diff)
tls: Add distributed_stek module
This migrates a feature that was previously reserved for enterprise users, according to https://github.com/caddyserver/caddy/issues/2786. TLS session ticket keys are sensitive, so they should be rotated on a regular basis. Only Caddy does this by default. However, a cluster of servers that rotate keys without synchronization will lose the benefits of having sessions in the first place if the client is routed to a different backend. This module coordinates STEK rotation in a fleet so the same keys are used, and rotated, across the whole cluster. No other server does this, but Twitter wrote about how they hacked together a solution a few years ago: https://blog.twitter.com/engineering/en_us/a/2013/forward-secrecy-at-twitter.html
Diffstat (limited to 'modules/caddyhttp')
0 files changed, 0 insertions, 0 deletions