Posted to issues@trafficserver.apache.org by "Bryan Call (JIRA)" <ji...@apache.org> on 2016/08/16 16:20:20 UTC
[jira] [Updated] (TS-2557) Adopt resumable TLS session API
[ https://issues.apache.org/jira/browse/TS-2557?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bryan Call updated TS-2557:
---------------------------
Summary: Adopt resumable TLS session API (was: adopt resumable SSL session API)
> Adopt resumable TLS session API
> -------------------------------
>
> Key: TS-2557
> URL: https://issues.apache.org/jira/browse/TS-2557
> Project: Traffic Server
> Issue Type: New Feature
> Components: Security, SSL
> Reporter: James Peach
> Assignee: Brian Geffon
> Fix For: sometime
>
>
> OpenSSL 1.1.0 adds a new callback API for applications to control whether the TLS session should be cached or not.
> {quote}
> void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, int (*cb)(SSL *ssl, int is_forward_secure))
> void SSL_set_not_resumable_session_callback(SSL *ssl, int (*cb)(SSL *ssl, int is_forward_secure))
> for use by SSL/TLS servers; the callback function will be called whenever a
> new session is created, and gets to decide whether the session may be
> cached to make it resumable (return 0) or not (return 1). (As by the
> SSL/TLS protocol specifications, the session_id sent by the server will be
> empty to indicate that the session is not resumable; also, the server will
> not generate RFC 4507 (RFC 5077) session tickets.)
> A simple reasonable callback implementation is to return is_forward_secure.
> This parameter will be set to 1 or 0 depending on the ciphersuite selected
> by the SSL/TLS server library, indicating whether it can provide forward
> security.
> {quote}
> This seems like a useful sort of option.
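The callback semantics quoted in the issue, as an added example that is not code from Traffic Server or OpenSSL. It goes beyond the single "return is_forward_secure" case by adding always and never modes; the `resume_policy` enum, `session_not_resumable` and `install_resume_policy` are hypothetical names, and the OpenSSL registration is compiled only with `-DWITH_OPENSSL` against OpenSSL 1.1.0 or later.

```c
/* Added example: not Traffic Server or OpenSSL source.
 * OpenSSL glue: cc -DWITH_OPENSSL example.c -lssl -lcrypto (1.1.0+). */
#include <stdio.h>

/* Hypothetical operator policy (assumption, not an existing ATS setting). */
enum resume_policy {
    RESUME_ALWAYS,      /* cache every session */
    RESUME_NON_FS_ONLY, /* the "return is_forward_secure" behaviour */
    RESUME_NEVER        /* empty session_id, no tickets, for every session */
};

/* Value the callback must return: 0 = may be cached (resumable),
 * 1 = NOT resumable. Note the inverted sense of the flag. */
int session_not_resumable(enum resume_policy policy, int is_forward_secure)
{
    switch (policy) {
    case RESUME_ALWAYS:      return 0;
    case RESUME_NON_FS_ONLY: return is_forward_secure != 0;
    case RESUME_NEVER:       return 1;
    }
    return 1; /* unknown policy value: fail closed, do not cache */
}

#ifdef WITH_OPENSSL
#include <openssl/ssl.h>
static enum resume_policy g_policy = RESUME_NON_FS_ONLY;

/* Callback with the signature quoted in the issue. */
static int not_resumable_cb(SSL *ssl, int is_forward_secure)
{
    (void)ssl;
    return session_not_resumable(g_policy, is_forward_secure);
}

/* Install the policy on a server context before accepting connections. */
void install_resume_policy(SSL_CTX *ctx, enum resume_policy policy)
{
    g_policy = policy;
    SSL_CTX_set_not_resumable_session_callback(ctx, not_resumable_cb);
}
#endif

int main(void)
{
    for (int p = RESUME_ALWAYS; p <= RESUME_NEVER; p++)
        for (int fs = 0; fs <= 1; fs++)
            printf("policy=%d forward_secure=%d not_resumable=%d\n", p, fs,
                   session_not_resumable((enum resume_policy)p, fs));
    return 0;
}
```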