You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Leif Hedstrom (JIRA)" <ji...@apache.org> on 2014/05/01 04:58:16 UTC
[jira] [Updated] (TS-2557) adopt resumable SSL session API
[ https://issues.apache.org/jira/browse/TS-2557?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Leif Hedstrom updated TS-2557:
------------------------------
Fix Version/s: sometime
> adopt resumable SSL session API
> -------------------------------
>
> Key: TS-2557
> URL: https://issues.apache.org/jira/browse/TS-2557
> Project: Traffic Server
> Issue Type: New Feature
> Components: Security, SSL
> Reporter: James Peach
> Fix For: sometime
>
>
> In OpenSSL 1.1.0 adds a new callback API for applications to control whether the TSL session should be cached or not.
> {quote}
> void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, int (*cb)(SSL *ssl, int is_forward_secure))
> void SSL_set_not_resumable_session_callback(SSL *ssl, int (*cb)(SSL *ssl, int is_forward_secure))
> for use by SSL/TLS servers; the callback function will be called whenever a
> new session is created, and gets to decide whether the session may be
> cached to make it resumable (return 0) or not (return 1). (As by the
> SSL/TLS protocol specifications, the session_id sent by the server will be
> empty to indicate that the session is not resumable; also, the server will
> not generate RFC 4507 (RFC 5077) session tickets.)
> A simple reasonable callback implementation is to return is_forward_secure.
> This parameter will be set to 1 or 0 depending on the ciphersuite selected
> by the SSL/TLS server library, indicating whether it can provide forward
> security.
> {quote}
> This seems like a useful sort of option.
--
This message was sent by Atlassian JIRA
(v6.2#6252)