The Tripple Handshake Issue was disclosed lately. Wether disabling session resumption will mitigate this or not, is a topic for another question. Let's assume I want to disable it for whatever reason (basicly my paranoia).
To disable this in C, it seems like one should use this:
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
Can someone please confirm this?
But how to do this in pyopenssl?
Starting with pyOpenSSL 0.14 this is possible:
from OpenSSL.SSL import TLSv1_2_METHOD SESS_CACHE_OFF, Context, Connection
ctx = Context(TLSv1_2_METHOD)
ctx.set_session_cache_mode(SESS_CACHE_OFF)
conn = Connection(ctx, ...)
Earlier versions of pyOpenSSL do not expose these APIs.
If you also need to turn off session tickets then:
from OpenSSL.SSL import OP_NO_TICKET
...
ctx.set_options(OP_NO_TICKET)
Can someone please confirm this?
I believe Dr. Henson answered this over at the OpenSSL User Mailing list.
the attack described in https://secure-resumption.com/ breaks also tls channel binding tls-unique RFC 5929.
I would still like to use tls-unique for channel binding as defined in SCRAM (RFC 5802). Can OpenSSL be used for channel binding and protect against this attack if the session caching is disabled?
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF)
Is it necessary to disable resumption using a different function?
You'd also need to disable session tickets too.
Note the initiial phase of the attack requires that the attacker possess a private key and certificate the client trusts. I'd be interested to know how that could happen under your circumstances.
So, according to Dr. Henson, you also need to call SSL_CTX_set_options with SSL_OP_NO_TICKET. See the OpenSSL docs at
SSL_CTX_set_options(3).
I don't know how to do it in Python, though.
