fooinha/nginx-ssl-ja3

Disabled tls tickets

Opened this issue · 2 comments

Hello. We use nginx with tls tickets for session resumption.

In the nginx patch, at the line https://github.com/fooinha/nginx-ssl-ja3/blob/master/patches/nginx.1.23.1.ssl.extensions.patch#L8, ticket support is explicitly disabled.
Could you tell me what this is for, and whether the module will work normally with TLS tickets enabled?

Thanks in advance

Naturally, tls tickets being enabled will produce 2 different fingerprint values for the same user-agent, for a series of requests.

Maybe there's a way I could make this configurable.

Actually there's the same issue with TLS1.3 session resumption. When the client tries to reuse a psk previously delivered by the server, it adds it in the pre_shared_key (41) extension in the subsequent clientHello, resulting in two different fingerprints. SSL_OP_NO_TICKET does not disable psk generation on the server side, as stated by Maxim Dounin: https://mailman.nginx.org/pipermail/nginx-devel/2020-April/013092.html
My approach is to treat extension 41 the same way as GREASE to exclude it from the fingerprint.
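
Added example (not part of the thread and not the module's own code): a small JA3 calculation showing how a `pre_shared_key` (41) extension in a resumed ClientHello changes the fingerprint, and how filtering it alongside GREASE values keeps the fingerprint stable. The ClientHello field values and the `exclude` parameter are constructed for illustration.

```python
import hashlib

PRE_SHARED_KEY = 41  # TLS 1.3 pre_shared_key extension type (RFC 8446)


def is_grease(value):
    """GREASE values (RFC 8701) look like 0x?A?A with both bytes equal."""
    return (value & 0x0F0F) == 0x0A0A and (value >> 8) == (value & 0xFF)


def ja3_string(version, ciphers, extensions, curves, point_formats,
               exclude=frozenset()):
    """Build the JA3 string; `exclude` (hypothetical knob) lists extension
    types dropped from the extension field in addition to GREASE."""
    def join(values, drop=frozenset()):
        return "-".join(str(v) for v in values
                        if not is_grease(v) and v not in drop)
    return ",".join([str(version), join(ciphers), join(extensions, exclude),
                     join(curves), join(point_formats)])


def ja3_hash(*args, **kwargs):
    """JA3 fingerprint: MD5 hex digest of the JA3 string."""
    return hashlib.md5(ja3_string(*args, **kwargs).encode("ascii")).hexdigest()


# Constructed sample: first handshake from a client (no PSK yet).
FULL = dict(version=771,
            ciphers=[0x1A1A, 4865, 4866, 4867],
            extensions=[0x2A2A, 0, 10, 11, 13, 43, 45, 51],
            curves=[0x3A3A, 29, 23, 24],
            point_formats=[0])

# Constructed sample: same client resuming; GREASE values differ per
# connection and pre_shared_key (41) is appended as the last extension.
RESUMED = dict(FULL,
               ciphers=[0x4A4A, 4865, 4866, 4867],
               extensions=[0x6A6A, 0, 10, 11, 13, 43, 45, 51, PRE_SHARED_KEY],
               curves=[0x8A8A, 29, 23, 24])

if __name__ == "__main__":
    print("full     :", ja3_hash(**FULL))
    print("resumed  :", ja3_hash(**RESUMED))
    print("resumed* :", ja3_hash(**RESUMED, exclude={PRE_SHARED_KEY}))
```
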