In case of TLS, keys used to encrypt session tickets is also a long-term secret that needs to be taken care in addition to RSA private keys (note :in H2O we rotate the session ticket keys periodically, but not all web servers do it; see http://blog.kazuhooku.com/2015/07/h2o-version-140-released-with.html).
With OpenSSL it is possible add user-defined symmetric ciphers / HMACs at run-time, so it is theoretically possible to create them that uses IPC so that their secrets will be protected in conjunction with the RSA private keys.
The downside is that due to how OpenSSL is designed, it would cause two IPC calls for every ticket-based session resumption.
In case of TLS, keys used to encrypt session tickets is also a long-term secret that needs to be taken care in addition to RSA private keys (note :in H2O we rotate the session ticket keys periodically, but not all web servers do it; see http://blog.kazuhooku.com/2015/07/h2o-version-140-released-with.html).
With OpenSSL it is possible add user-defined symmetric ciphers / HMACs at run-time, so it is theoretically possible to create them that uses IPC so that their secrets will be protected in conjunction with the RSA private keys.
The downside is that due to how OpenSSL is designed, it would cause two IPC calls for every ticket-based session resumption.