RFC 5077 ticket key derivation

[Sam Hartman]

 *
 * Signs the administrator configured key, using the private key associated with the
 * SSL context, then hashes the signature to get a key of an appropriate length,
 * which is fed to the hmac and encryption contexts for the session ticket.


wait. What?
I'm not parsing what you're trying to do there, and it's triggering my
security spidy sense.
Why do you ever want to hash a signature to get an encryption key?

--Sam