Perfect Forward Secrecy

Forward Secrecy in LiteSpeed Web Server

What is Perfect Forward Secrecy?

Perfect Forward Secrecy, also simply called Forward Secrecy, is a TLS/SSL concept which protects data by ensuring that past communications cannot be decrypted, even if secret keys are compromised. Forward secrecy in LiteSpeed Web Server is achieved through session ticket key rotation.

Why is Forward Secrecy Important?

An attacker may gain access to website communications, and patiently collect massive amounts of encrypted data. Session Tickets, a mechanism used to resume TLS sessions, provide a vehicle for attackers to decrypt the traffic they’ve intercepted, if the attacker manages to steal the key.

This is a serious security problem. For this reason, website administrators are often advised to turn off session ticket functionality.

Turning off session tickets, however, is not an ideal solution. Session tickets reduce the overhead of the handshake in resumed TLS sessions by eliminating the need for key negotiation, like so:

  • The server encrypts the session key and stores it in the session ticket, which it sends to the client.
  • The client keeps the ticket, and the corresponding session key, for later.
  • The next time the client wants to connect to that server it sends the ticket to the server.
  • The server decrypts the ticket, extracts the session key, and starts using it. No key negotiation required.

So, rather than disabling session tickets, which speed up HTTPS connections for resumed sessions, a better solution is to periodically rotate the keys.

Session Ticket Key Rotation

Rotating session ticket keys ensures that attackers can only decrypt the most recently collected data.

In other words, if you choose to rotate your session ticket keys once a day, then at worst, an attacker can decrypt 24 hours’ worth of data. This is a far less troubling scenario than attackers having access to massive amounts of traffic over the course of several months.

Shorter periods of ticket key rotation protect the data even more.

Unlike Apache and nginx, LiteSpeed Web Server supports session ticket key rotation out of the box. There is no special knowledge or configuration required.

As of LiteSpeed Web Server v5.4.11b3, the default rotation period is one hour. It doesn’t matter how much data an attacker may have collected. Stealing a key that the server has recently rotated, allows them to decrypt, at most, one hour’s worth of data.

Session ticket key rotation is just one measure LiteSpeed takes to protect your SSL/TLS security. Visit our website to learn about all of our SSL/TLS security features.

Related Posts