4

I scanned my servers' SSL/TLS configuration using https://www.ssllabs.com/ssltest/, and it reported Session resumption (caching) No (IDs assigned but not accepted)

I'm using 2 instances of Azure web roles behind a round-robin load balancer. I believe session resumption got broken due to the session IDs being cached on one server but not on the other.

How do I configure IIS to use a shared cache (preferably Redis) for it's session IDs?

Update:

There does not seem to be a way to share session cache. However, Windows Server 2012 R2 seems to support stateless (ticket-based) session http://technet.microsoft.com/en-us/library/hh831771.aspx#BKMK_Changes2012R2.

Tried setting HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\MaximumCacheSize to 0, as stated in http://technet.microsoft.com/en-us/library/dn786418.aspx#BKMK_SchannelTR_IssuerCacheSize to disable session cache, but there's no effect.

Tried enabling ticket-based session with New-TlsSessionTicketKey and Enable-TlsSessionTicketKey (http://technet.microsoft.com/en-us/library/dn296629.aspx), but there's also no effect.

Anyone managed to get those settings to work?

Update 2:

Successfully disabled session cache by setting both

  • HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\MaximumCacheSize to 0
  • HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\ServerCacheTime to 0

and restarting the server

Still unable to get tickets to work despite running the Enable-TlsSessionTicketKey command for IIS AppPool\{app pool GUID} and Network Service

Jeow Li Huan
  • 93
  • 1
  • 9
  • Offloading the SSL to the load balancer is one option - like using ARR on an IIS instance to load balance to mutliple application server IIS servers. [HTTP Load Balancing using Application Request Routing](http://www.iis.net/learn/extensions/configuring-application-request-routing-(arr)/http-load-balancing-using-application-request-routing) – Brian Oct 18 '14 at 00:33
  • I hope that there is no need to introduce/change the infrastructure that is already present – Jeow Li Huan Oct 18 '14 at 03:25

2 Answers2

4

There may be some misunderstanding on which session is concerned.

You have the session most web applications use to create persistence between multiple HTTP requests, the stereotypical contents of your shopping cart. That is not what SSLLabs is testing.
Regardless: when using a load-balancer you should typically replicate that session state so your visitor does not end up with an empty shopping cart when subsequent HTTP requests are distributed to different back-end web servers.

There is also to SSL/TLS session, which is what SSLLabs is testing for.

In short when an SSL connection is established the webserver and browser use a computationally relatively expensive public key handshake/negotiation at first (Diffie-Hellman). Part of that negotiation is to establish a symmetric key, unique for that specific connection, which will be used for the subsequent encryption/decryption of data transmitted over that connection. Symmetric encryption is still secure, but computationally relatively cheap so that reduces the load on both the webserver and the webbrowser. Unlike with plain HTTP, the webbrowser will leave the HTTPS connection to the webserver open and use it for multiple HTTPS requests, but after some idle time the connection will still be closed.
That is where the SSL session cache comes into play. If enabled, rather than negotiate a new symmetric key, the webserver may allow the webbrowser to re-use that old symmetric key on the new connection. The benefit is that a new connection is more quickly established (it saves a few TCP/IP round trips and some heavy computation) probably at the expense of security I suspect.

I don't know if IIS (or other webservers for that matter) have features to replicate the SSL session cache to other nodes in a loadblanced cluster. There may be no need either. Typically either SSL termination takes place on the loadbalancer or TCP sticky sessions are used to ensure subsequent HTTPS connections are handled by the same webserver, eliminating the need for webservers to replicate the SSL session cache.
If that i snot in place, and the web server advertises the support for SSL resumption, but the loadbalancer distributes the new connection to a different webserver, a mismatch is created.

HBruijn
  • 77,029
  • 24
  • 135
  • 201
  • I am aware of the difference between SSL session and ASP.NET session. I need IIS to replicate the SSL session cache, as Azure's load balancer is dumb and supports only round-robin, thus always distributes the new connection to a different server – Jeow Li Huan Oct 16 '14 at 03:02
  • 1
    I can't find any evidence of iIS supporting replication of the SSL session cache, even in the more technologically advanced Open Source web servers that has not yet become standard functionality. The solution appears to replace the simple Azure load balancer by a virtual appliance doing the load balancing and or SSL offloading. For example a HAproxy image or [this](http://kemptechnologies.com/server-load-balancing-appliances/virtual-loadbalancer/loadmaster-azure/) – HBruijn Oct 16 '14 at 05:17
  • It looks like I can opt for stateless session resumption. Any idea how can I enable ticket based session and disable the cache based one? http://technet.microsoft.com/en-us/library/hh831771.aspx#BKMK_Changes2012R2. I do not wish to introduce another server if I can as I'm a programmer, not a sysadmin (as evident from my reputation points...) – Jeow Li Huan Oct 16 '14 at 05:23
  • RFC 5077 support has been announced for Windows Server 2012R2, if I read things correctly, and that has not been released for general availability yet. – HBruijn Oct 16 '14 at 05:57
0

Finally, found way to enable TLS session tickets on win2k12 r2 and win2k16. You need to follow these steps:

  1. Create a key (DWORD) in registry with value 1 HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\EnableSslSessionTicket

  2. Create a new TLS session ticket key through this powershell command: New-TlsSessionTicketKey -Password <password> -Path "C:\KeyConfig\TlsSessionTicketKey.config" -ServiceAccountName "System" https://technet.microsoft.com/en-us/itpro/powershell/windows/tls/new-tlssessionticketkey

  3. Enable TLS session ticket key through this powershell command: Enable-TlsSessionTicketKey -Password <password> -Path "C:\KeyConfig\TlsSessionTicketKey.config" -ServiceAccountName "System" https://technet.microsoft.com/en-us/itpro/powershell/windows/tls/enable-tlssessionticketkey

  4. Reboot the server to enable TLS session ticket generation. Reboot is required for the registry entry to take effect.

IMPORTANT: To re-use same TLS session tickets across load balanced servers, you need to copy "C:\KeyConfig\TlsSessionTicketKey.config" file generated after running "New-TlsSessionTicketKey" command on one of the servers and then copy the config file on all remaining servers and run "Enable-TlsSessionTicketKey" powershell command on each file. Unfortunately this worked for me only on win2k16. It did not work on win2k12r2.

chicks
  • 3,793
  • 10
  • 27
  • 36
Vinayak Tavildar
  • 16
  • Thanks. It does work on Windows 2012R2. However, https://www.ssllabs.com/ssltest detected that the implementation has a Ticketbleed vulnerability, thus I had to disable the TLS tickets until Microsoft fixes it – Jeow Li Huan Apr 22 '17 at 14:26
  • @JeowLiHuan as I understand it, the ticketbleed vulnerability applies only to load balancers, not Schannel. Were you able to find any info about a potential Schannel vulnerability? – crenshaw-dev Mar 28 '18 at 20:42