Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disable server-side TLS session tickets #48130

Merged
merged 2 commits into from
Oct 30, 2024
Merged

Disable server-side TLS session tickets #48130

merged 2 commits into from
Oct 30, 2024

Conversation

espadolini
Copy link
Contributor

After #44882 , Teleport 17+ will no longer restart after changing host CAs and reissuing credentials; as part of #44882, the client-side TLS session resumption machinery was disabled (it wouldn't really work with how Teleport uses internal services anyway). This PR disables server-side TLS session resumption so that v16 (and earlier, but that's not relevant) clients will continue to play well with v17 servers at all times during and after a CA rotation.

@espadolini espadolini added no-changelog Indicates that a PR does not require a changelog entry backport/branch/v17 labels Oct 30, 2024
@aws-amplify-us-west-2 AWS Amplify (us-west-2)
Copy link

This pull request is automatically being deployed by Amplify Hosting (learn more).

Access this pull request here: https://pr-48130.d3pp5qlev8mo18.amplifyapp.com

@espadolini espadolini enabled auto-merge October 30, 2024 17:07
@espadolini espadolini added this pull request to the merge queue Oct 30, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Oct 30, 2024
@espadolini espadolini added this pull request to the merge queue Oct 30, 2024
Merged via the queue into master with commit 824a5f0 Oct 30, 2024
42 checks passed
@espadolini espadolini deleted the espadolini/reloadless-disable-session-tickets branch October 30, 2024 19:22
@public-teleport-github-review-bot
Copy link

@espadolini See the table below for backport results.

Branch Result
branch/v17 Create PR

@espadolini espadolini mentioned this pull request Oct 30, 2024
Merged
codingllama
codingllama reviewed Oct 30, 2024
View reviewed changes
Copy link
Contributor

@codingllama codingllama left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for spotting this, Edoardo.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@codingllama codingllama codingllama left review comments

@rosstimothy rosstimothy rosstimothy approved these changes

@zmb3 zmb3 zmb3 approved these changes

Assignees
No one assigned
Labels
backport/branch/v17 merge-for-v17 no-changelog Indicates that a PR does not require a changelog entry size/sm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@espadolini @zmb3 @codingllama @rosstimothy