To establish a secure TLS connection between client and server, both parties have to perform a handshake in which they establish a common secret. However, performing this secret establishment on every connection is costly and increases latency. For that reason, TLS offers session resumption mechanisms that allow both parties to reuse a previously established secret. A widely used resumption mechanism is session tickets: after the secret has been established, the server issues a session ticket containing the secret to the client, and on resumption the client sends the ticket back to the server. It is essential for the confidentiality of the sessions that the server encrypts the ticket with a Session Ticket Encryption Key (STEK). In 2020, Fiona Klute found a vulnerability in GnuTLS where the STEK was initialized with all zeros, allowing an attacker to decrypt recorded sessions retrospectively. This motivates us to evaluate the TLS session ticket ecosystem in more detail. We first present different vulnerabilities that might appear in the session ticket handling of web servers. Next, we implement test suites for the presented vulnerabilities and evaluate them against the Tranco Top Million hosts in a large-scale scan. Finally, we present the results for the different evaluated vulnerabilities and other interesting findings of our thesis. We discovered that, similarly to GnuTLS, several thousand domains hosted by AWS used an all-zero STEK to encrypt their session tickets.
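As an added illustration (not code from the thesis or from GnuTLS), the following Go program models a server sealing session tickets under a STEK and implements the defender-side check that a scan like the one described performs: attempting to open a ticket under the all-zero key. The ticket layout (key name, nonce, AES-256-GCM body) is an assumption made for this example; a real check has to be adapted to the ticket format of the implementation under test.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// Constructed ticket layout (not GnuTLS's or any real stack's):
// keyName(16) || nonce(12) || AES-256-GCM(sessionState, AAD = keyName).
const keyNameLen, nonceLen, stekLen = 16, 12, 32

func gcmFor(stek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(stek) // rejects any key not 16/24/32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// IssueTicket plays the server: it seals the resumption state under the STEK.
func IssueTicket(stek []byte, keyName [keyNameLen]byte, state []byte) ([]byte, error) {
	aead, err := gcmFor(stek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, nonceLen)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	header := append(keyName[:], nonce...)
	return aead.Seal(header, nonce, state, keyName[:]), nil
}

// OpenTicket tries a candidate STEK; GCM authentication fails under any wrong key.
func OpenTicket(candidate, ticket []byte) ([]byte, error) {
	aead, err := gcmFor(candidate)
	if err != nil || len(ticket) < keyNameLen+nonceLen {
		return nil, errors.New("unusable key or truncated ticket")
	}
	keyName, nonce := ticket[:keyNameLen], ticket[keyNameLen:keyNameLen+nonceLen]
	return aead.Open(nil, nonce, ticket[keyNameLen+nonceLen:], keyName)
}

// ZeroSTEKVulnerable is the defender's check: a correctly keyed server's ticket
// must never open under the all-zero key (the GnuTLS failure mode).
func ZeroSTEKVulnerable(ticket []byte) bool {
	_, err := OpenTicket(make([]byte, stekLen), ticket)
	return err == nil
}
```

Because GCM authenticates the ciphertext, a successful Open under the zero key is unambiguous evidence that the server sealed the ticket with an all-zero STEK rather than a chance match.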