Introduce ticket support. To enable them it is enough to set a positive - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	claudio <>	2017-01-24 01:48:05 +0000
committer	claudio <>	2017-01-24 01:48:05 +0000
commit	d78c389be49cfb5c1e450de1ffe9b19331871124 (patch)
tree	df70a1321916b965fd5fe88a72940612ae3642f4 /src/lib/libc
parent	2367558cf5d952b4f895457cfb15046d05a01529 (diff)
download	openbsd-d78c389be49cfb5c1e450de1ffe9b19331871124.tar.gz openbsd-d78c389be49cfb5c1e450de1ffe9b19331871124.tar.bz2 openbsd-d78c389be49cfb5c1e450de1ffe9b19331871124.zip

Introduce ticket support. To enable them it is enough to set a positive

lifetime with tls_config_set_session_lifetime(). This enables tickets and uses an internal automatic rekeying mode for the ticket keys. If multiple processes are involved the following functions can be used to make tickets work accross all instances: - tls_config_set_session_id() sets the session identifier - tls_config_add_ticket_key() adds an encryption and authentication key For now only the last 4 keys added will be used (unless they are too old). If tls_config_add_ticket_key() is used the caller must ensure to add new keys regularly. It is best to do this 4 times per session lifetime (which is also the ticket key lifetime). Since tickets break PFS it is best to minimize the session lifetime according to needs. With a lot of help, input and OK beck@, jsing@

Diffstat (limited to 'src/lib/libc')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: