Miroslav Lichvar b1230efac3 nts: add support for encrypting cookies with AES-128-GCM-SIV ...

If AES-128-GCM-SIV is available on the server, use it for encryption of
cookies. This makes them shorter by 4 bytes due to shorter nonce and it
might also improve the server performance.

After server upgrade and restart with ntsdumpdir, the switch will happen
on the second rotation of the server key. Clients should accept shorter
cookies without restarting NTS-KE. The first response will have extra
padding in the authenticator field to make the length symmetric.

2022-10-19 15:50:39 +02:00

27 KiB

Raw Blame History

View Raw