This is an automated email from the ASF dual-hosted git repository. cmcfarlen pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 46f55b4d79 proxy.config.ssl.session_cache.mode (#12414) (#12419)
46f55b4d79 is described below

commit 46f55b4d79c555c9a14884e979f3df55c145eb2f
Author: Brian Neradt <brian.ner...@gmail.com>
AuthorDate: Mon Aug 4 19:53:51 2025 -0500

proxy.config.ssl.session_cache.mode (#12414) (#12419)

In the 10.0.0 release, we renamed proxy.config.ssl.session_cache.enabled to proxy.config.ssl.session_cache.value because enabled seemed incorrect for a configuration that took a non-boolean enumeration of values. We accidentally left the documentation describing proxy.config.ssl.session_cache.enabled, however. In discussion about this, we decided to rename such configurations to "mode" instead of value. Another issue (#12412) records making these renames for 11.0.0. This PR just addresses the current issues with proxy.config.ssl.session_cache.enabled by:

* Adding implementation support for proxy.config.ssl.session_cache.enabled since we documented that already but document it as deprecated.
* Keep implementation support for proxy.config.ssl.session_cache.value since users might be using that.
* Add proxy.config.ssl.session_cache.mode as the preferred new mode.

The user can set values for any of these via:

* implicit default config values,
* plugin default values via TSMgmtIntCreate,
* explicit records.yaml values, or
* override via environment variable.

It will probably be a very rare user that implements any of these across values, but in case they do, this patch implements a selection of the finally chosen config value based on a priority base of the above, with "mode" valued over "value" valued over "enabled".

Fixes: #11901 (cherry picked from commit 87bb60259b25734e651e5019b410a9ccf8cbd371) --- doc/admin-guide/files/records.yaml.en.rst | 19 +++-- doc/admin-guide/performance/index.en.rst | 2 +- .../tools/converting-records-to-yaml.en.rst | 2 +- .../api/functions/TSSslSession.en.rst | 2 +- .../hooks-and-transactions/ssl-session-api.en.rst | 2 +- doc/release-notes/upgrading.en.rst | 2 +- include/records/RecDefs.h | 8 +- src/iocore/net/SSLConfig.cc | 86 +++++++++++++++++++++- src/records/RecordsConfig.cc | 6 +- .../pluginTest/stek_share/stek_share.test.py | 10 +-- tests/gold_tests/records/gold/full_records.yaml | 2 +- tests/gold_tests/records/gold/renamed_records.gold | 2 +- tests/gold_tests/records/gold/renamed_records.yaml | 2 +- tests/gold_tests/tls/tls_0rtt_server.test.py | 4 +- .../tls/tls_origin_session_reuse.test.py | 8 +- tests/gold_tests/tls/tls_session_reuse.test.py | 6 +- tools/records/convert2yaml.py | 2 +- 17 files changed, 131 insertions(+), 34 deletions(-) diff --git a/doc/admin-guide/files/records.yaml.en.rst b/doc/admin-guide/files/records.yaml.en.rst index d0f8e60102..032894c564 100644 --- a/doc/admin-guide/files/records.yaml.en.rst +++ b/doc/admin-guide/files/records.yaml.en.rst @@ -3946,9 +3946,9 @@ SSL Termination Setting a value less than or equal to ``0`` effectively disables SSL session cache for the origin server. -.. ts:cv:: CONFIG proxy.config.ssl.session_cache.enabled INT 2 +.. ts:cv:: CONFIG proxy.config.ssl.session_cache.mode INT 2 - Enables the SSL session cache: + Sets the SSL session cache mode: ===== ====================================================================== Value Description 
@@ -3960,13 +3960,22 @@ SSL Termination implementation. ===== ====================================================================== +.. ts:cv:: CONFIG proxy.config.ssl.session_cache.enabled INT 2 + + .. deprecated:: 10.1.0 + Use :ts:cv:`proxy.config.ssl.session_cache.mode` instead. + + This configuration exists for historical reasons and is deprecated in favor of + :ts:cv:`proxy.config.ssl.session_cache.mode`. It accepts the same values and + has identical behavior, so see that documentation for details. + .. ts:cv:: CONFIG proxy.config.ssl.session_cache.timeout INT 0 This configuration specifies the lifetime of SSL session cache entries in seconds. If it is ``0``, then the SSL library will use a default value, typically 300 seconds. Note: This option has no affect when using the |TS| session cache (option ``2`` in - ``proxy.config.ssl.session_cache.enabled``) + ``proxy.config.ssl.session_cache.mode``) See :ref:`admin-performance-timeouts` for more discussion on |TS| timeouts. @@ -4008,9 +4017,9 @@ SSL Termination Take into account that setting the value to 0 will disable session caching for TLSv1.3 connections. - Lowering this setting to ``1`` can be interesting when ``proxy.config.ssl.session_cache.enabled`` is enabled because + Lowering this setting to ``1`` can be interesting when ``proxy.config.ssl.session_cache.mode`` is enabled because otherwise for every new TLSv1.3 connection two session IDs will be inserted in the session cache. - On the other hand, if ``proxy.config.ssl.session_cache.enabled`` is disabled, using the default value is recommended. + On the other hand, if ``proxy.config.ssl.session_cache.mode`` is disabled, using the default value is recommended. In those scenarios, increasing the number of tickets could be potentially beneficial for clients performing multiple requests over concurrent TLS connections as per RFC 8446 clients SHOULDN'T reuse TLS Tickets. 
diff --git a/doc/admin-guide/performance/index.en.rst b/doc/admin-guide/performance/index.en.rst index 689ef41ea4..461c6a9d84 100644 --- a/doc/admin-guide/performance/index.en.rst +++ b/doc/admin-guide/performance/index.en.rst @@ -528,7 +528,7 @@ SSL-Specific Options ~~~~~~~~~~~~~~~~~~~~ :ts:cv:`proxy.config.ssl.max_record_size` -:ts:cv:`proxy.config.ssl.session_cache.enabled` +:ts:cv:`proxy.config.ssl.session_cache.mode` :ts:cv:`proxy.config.ssl.session_cache.size` Thread Types diff --git a/doc/admin-guide/tools/converting-records-to-yaml.en.rst b/doc/admin-guide/tools/converting-records-to-yaml.en.rst index c6ef4d4080..c5539d5aec 100644 --- a/doc/admin-guide/tools/converting-records-to-yaml.en.rst +++ b/doc/admin-guide/tools/converting-records-to-yaml.en.rst @@ -158,7 +158,7 @@ Converting a file with a detailed output. ├──» #5 : proxy.config.ssl.TLSv1_3 -> proxy.config.ssl.TLSv1_3.enabled ├──» #6 : proxy.config.ssl.client.TLSv1_3 -> proxy.config.ssl.client.TLSv1_3.enabled ├──» #7 : proxy.config.ssl.origin_session_cache -> proxy.config.ssl.origin_session_cache.enabled - └──» #8 : proxy.config.ssl.session_cache -> proxy.config.ssl.session_cache.value + └──» #8 : proxy.config.ssl.session_cache -> proxy.config.ssl.session_cache.mode There are a few things to note here: diff --git a/doc/developer-guide/api/functions/TSSslSession.en.rst b/doc/developer-guide/api/functions/TSSslSession.en.rst index 2e0ab9230b..07a29d633e 100644 --- a/doc/developer-guide/api/functions/TSSslSession.en.rst +++ b/doc/developer-guide/api/functions/TSSslSession.en.rst @@ -38,7 +38,7 @@ Description =========== These functions work with the internal ATS session cache. These functions are only useful if the ATS internal -session cache is enabled by setting :ts:cv:`proxy.config.ssl.session_cache.enabled` has been set to 2. +session cache is enabled by setting :ts:cv:`proxy.config.ssl.session_cache.mode` has been set to 2. These functions tend to be used with the :enumerator:`TS_SSL_SESSION_HOOK`. 
diff --git a/doc/developer-guide/plugins/hooks-and-transactions/ssl-session-api.en.rst b/doc/developer-guide/plugins/hooks-and-transactions/ssl-session-api.en.rst index d6f050872d..f85ed86608 100644 --- a/doc/developer-guide/plugins/hooks-and-transactions/ssl-session-api.en.rst +++ b/doc/developer-guide/plugins/hooks-and-transactions/ssl-session-api.en.rst @@ -31,7 +31,7 @@ to enable the plugin to update the session cache based on outside information, e This hook is invoked when a change has been made to the ATS session cache or a session has been accessed from ATS via OpenSSL. These hooks are only activated if the ATS implementation of the session cache is in -use. This means :ts:cv:`proxy.config.ssl.session_cache.enabled` has been set to 2. +use. This means :ts:cv:`proxy.config.ssl.session_cache.mode` has been set to 2. The hook callback has the following signature diff --git a/doc/release-notes/upgrading.en.rst b/doc/release-notes/upgrading.en.rst index 7b6eaf06e8..90df999654 100644 --- a/doc/release-notes/upgrading.en.rst +++ b/doc/release-notes/upgrading.en.rst 
@@ -172,7 +172,7 @@ The following :file:`records.yaml` changes have been made: - The records.yaml entry ``proxy.config.exec_thread.autoconfig`` has been renamed to :ts:cv:`proxy.config.exec_thread.autoconfig.enabled`. - The records.yaml entry ``proxy.config.tunnel.prewarm`` has been renamed to :ts:cv:`proxy.config.tunnel.prewarm.enabled`. - The records.yaml entry ``proxy.config.ssl.origin_session_cache`` has been renamed to :ts:cv:`proxy.config.ssl.origin_session_cache.enabled`. -- The records.yaml entry ``proxy.config.ssl.session_cache`` has been renamed to :ts:cv:`proxy.config.ssl.session_cache.enabled`. +- The records.yaml entry ``proxy.config.ssl.session_cache`` has been renamed to :ts:cv:`proxy.config.ssl.session_cache.mode`. - The records.yaml entry ``proxy.config.ssl.TLSv1_3`` has been renamed to :ts:cv:`proxy.config.ssl.TLSv1_3.enabled`. - The records.yaml entry ``proxy.config.ssl.client.TLSv1_3`` has been renamed to :ts:cv:`proxy.config.ssl.client.TLSv1_3.enabled`. - The records.yaml entry :ts:cv:`proxy.config.allocator.iobuf_chunk_sizes` has been added diff --git a/include/records/RecDefs.h b/include/records/RecDefs.h index eb87a8750e..df1635a511 100644 --- a/include/records/RecDefs.h +++ b/include/records/RecDefs.h 
@@ -115,11 +115,11 @@ enum RecCheckT { /// @internal @c REC_SOURCE_NULL is useful for a return value, I don't see using it in the actual data. /// @internal If this is changed, TSMgmtSource in apidefs.h.in must also be changed. enum RecSourceT { - REC_SOURCE_NULL, ///< No source / value not set. - REC_SOURCE_DEFAULT, ///< Built in default. - REC_SOURCE_PLUGIN, ///< Plugin supplied default. + REC_SOURCE_NULL, ///< No source / value not set. Not used in the actual data. + REC_SOURCE_DEFAULT, ///< Built in records.yaml default. + REC_SOURCE_PLUGIN, ///< Plugin supplied default. See TSMgmtIntCreate/TSMgmtStringCreate. REC_SOURCE_EXPLICIT, ///< Set by administrator (config file, external API, etc.) - REC_SOURCE_ENV ///< Process environment variable. + REC_SOURCE_ENV ///< Process environment variable override. }; enum RecAccessT { diff --git a/src/iocore/net/SSLConfig.cc b/src/iocore/net/SSLConfig.cc index af0056c4f4..fdd7ea7c9d 100644 --- a/src/iocore/net/SSLConfig.cc +++ b/src/iocore/net/SSLConfig.cc @@ -42,10 +42,13 @@ #include "tscore/ink_config.h" #include "tscore/Layout.h" #include "records/RecHttp.h" +#include "records/RecCore.h" #include <openssl/pem.h> +#include <array> #include <cstring> #include <cmath> +#include <unordered_map> int SSLConfig::config_index = 0; int SSLConfig::configids[] = {0, 0}; 
@@ -89,6 +92,87 @@ DbgCtl dbg_ctl_ssl_client_ctx{"ssl_client_ctx"}; } // end anonymous namespace +/** Determines the SSL session cache configuration value using a priority-based selection scheme. + * + * This function resolves the SSL session cache configuration by evaluating multiple potential + * configuration sources and selecting the one with the highest priority. The priority calculation + * combines two factors: + * + * Configuration Name Priority (base priority): + * - `proxy.config.ssl.session_cache.mode`: 3 (highest preference) + * - `proxy.config.ssl.session_cache.value`: 2 (medium preference) + * - `proxy.config.ssl.session_cache.enabled`: 1 (lowest preference) + * + * Configuration Source Priority (added to base priority): + * - Environment variable (`REC_SOURCE_ENV`): +0x30 (highest precedence) + * - Explicit configuration (`REC_SOURCE_EXPLICIT`): +0x20 (config file, API) + * - Plugin default (`REC_SOURCE_PLUGIN`): +0x10 (plugin changed the default value via TSMgmtIntCreate) + * - Built-in default (`REC_SOURCE_DEFAULT`): +0x00 (lowest precedence) + * + * Priority Calculation: + * `total_priority = base_priority + source_priority` + * + * Examples: + * - `mode` set via environment variable: 3 + 0x30 = 0x33 (highest possible) + * - `mode` set explicitly in config: 3 + 0x20 = 0x23 + * - `value` set via environment variable: 2 + 0x30 = 0x32 + * - `enabled` set explicitly in config: 1 + 0x20 = 0x21 + * + * The configuration with the highest total priority is selected. This ensures that: + * 1. Environment variables always override other sources. + * 2. Among configurations from the same source, `mode` > `value` > `enabled`. + * 3. Explicit configuration overrides plugin defaults and built-in defaults. + * + * @return The SSL session cache mode value. + */ +static int +get_ssl_session_cache_config() +{ + // + // TODO: in 11.x, we can simply remove this function and use only proxy.config.ssl.session_cache.mode. 
+ // + + struct ConfigOption { + const char *name; ///< Configuration parameter name (e.g., "proxy.config.ssl.session_cache.mode"). + int value; ///< The configured value if explicitly set. + int priority; ///< The inherit priority of the config name, higher is more preferred. + }; + + /// The priority of the source. Higher is more preferred. + std::unordered_map<int, int> source_priorities = { + {REC_SOURCE_ENV, 0x30}, + {REC_SOURCE_EXPLICIT, 0x20}, + {REC_SOURCE_PLUGIN, 0x10}, + {REC_SOURCE_DEFAULT, 0x0 }, + {REC_SOURCE_NULL, 0x0 }, // For completeness, no record should have this set. + }; + + std::array<ConfigOption, 3> configs = { + { + {"proxy.config.ssl.session_cache.mode", 0, 0x3}, + {"proxy.config.ssl.session_cache.value", 0, 0x2}, + {"proxy.config.ssl.session_cache.enabled", 0, 0x1}, + } + }; + + // Loop over the config names, updating their priority score per their source. + auto *highest_priority_config = &configs[0]; + for (auto &config : configs) { + RecSourceT source; + if (RecGetRecordSource(config.name, &source) == REC_ERR_OKAY) { + config.priority += source_priorities[source]; + REC_ReadConfigInteger(config.value, config.name); + if (config.priority > highest_priority_config->priority) { + highest_priority_config = &config; + } + } else { + // We need to update our logic here if any of these configs are removed. + ink_release_assert(false); + } + } + return highest_priority_config->value; +} + SSLConfigParams::SSLConfigParams() { ink_mutex_init(&ctxMapLock); 
@@ -446,7 +530,7 @@ SSLConfigParams::initialize() // SSL session cache configurations REC_ReadConfigInteger(ssl_origin_session_cache, "proxy.config.ssl.origin_session_cache.enabled"); REC_ReadConfigInteger(ssl_origin_session_cache_size, "proxy.config.ssl.origin_session_cache.size"); - REC_ReadConfigInteger(ssl_session_cache, "proxy.config.ssl.session_cache.value"); + ssl_session_cache = get_ssl_session_cache_config(); REC_ReadConfigInteger(ssl_session_cache_size, "proxy.config.ssl.session_cache.size"); REC_ReadConfigInteger(ssl_session_cache_num_buckets, "proxy.config.ssl.session_cache.num_buckets"); REC_ReadConfigInteger(ssl_session_cache_skip_on_contention, "proxy.config.ssl.session_cache.skip_cache_on_bucket_contention"); diff --git a/src/records/RecordsConfig.cc b/src/records/RecordsConfig.cc index 9490ed9ec9..f1c85ad93c 100644 --- a/src/records/RecordsConfig.cc +++ b/src/records/RecordsConfig.cc @@ -1191,7 +1191,11 @@ static const RecordElement RecordsConfig[] = , {RECT_CONFIG, "proxy.config.ssl.origin_session_cache.size", RECD_INT, "10240", RECU_RESTART_TS, RR_NULL, RECC_NULL, nullptr, RECA_NULL} , - {RECT_CONFIG, "proxy.config.ssl.session_cache.value", RECD_INT, "2", RECU_RESTART_TS, RR_NULL, RECC_NULL, nullptr, RECA_NULL} + {RECT_CONFIG, "proxy.config.ssl.session_cache.mode", RECD_INT, "2", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-2]", RECA_NULL} + , + {RECT_CONFIG, "proxy.config.ssl.session_cache.enabled", RECD_INT, "2", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-2]", RECA_NULL} + , + {RECT_CONFIG, "proxy.config.ssl.session_cache.value", RECD_INT, "2", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-2]", RECA_NULL} , {RECT_CONFIG, "proxy.config.ssl.session_cache.size", RECD_INT, "102400", RECU_RESTART_TS, RR_NULL, RECC_NULL, nullptr, RECA_NULL} , diff --git a/tests/gold_tests/pluginTest/stek_share/stek_share.test.py b/tests/gold_tests/pluginTest/stek_share/stek_share.test.py index de320d64b0..fc6a3a63f7 100644 
--- a/tests/gold_tests/pluginTest/stek_share/stek_share.test.py +++ b/tests/gold_tests/pluginTest/stek_share/stek_share.test.py @@ -164,7 +164,7 @@ ts1.Disk.records_config.update( 'proxy.config.exec_thread.limit': 4, 'proxy.config.ssl.server.cert.path': '{0}'.format(Test.RunDirectory), 'proxy.config.ssl.server.private_key.path': '{0}'.format(Test.RunDirectory), - 'proxy.config.ssl.session_cache.value': 2, + 'proxy.config.ssl.session_cache.mode': 2, 'proxy.config.ssl.session_cache.size': 1024, 'proxy.config.ssl.session_cache.timeout': 7200, 'proxy.config.ssl.session_cache.num_buckets': 16, @@ -184,7 +184,7 @@ ts2.Disk.records_config.update( 'proxy.config.exec_thread.limit': 4, 'proxy.config.ssl.server.cert.path': '{0}'.format(Test.RunDirectory), 'proxy.config.ssl.server.private_key.path': '{0}'.format(Test.RunDirectory), - 'proxy.config.ssl.session_cache.value': 2, + 'proxy.config.ssl.session_cache.mode': 2, 'proxy.config.ssl.session_cache.size': 1024, 'proxy.config.ssl.session_cache.timeout': 7200, 'proxy.config.ssl.session_cache.num_buckets': 16, @@ -204,7 +204,7 @@ ts3.Disk.records_config.update( 'proxy.config.exec_thread.limit': 4, 'proxy.config.ssl.server.cert.path': '{0}'.format(Test.RunDirectory), 'proxy.config.ssl.server.private_key.path': '{0}'.format(Test.RunDirectory), - 'proxy.config.ssl.session_cache.value': 2, + 'proxy.config.ssl.session_cache.mode': 2, 'proxy.config.ssl.session_cache.size': 1024, 'proxy.config.ssl.session_cache.timeout': 7200, 'proxy.config.ssl.session_cache.num_buckets': 16, @@ -224,7 +224,7 @@ ts4.Disk.records_config.update( 'proxy.config.exec_thread.limit': 4, 'proxy.config.ssl.server.cert.path': '{0}'.format(Test.RunDirectory), 'proxy.config.ssl.server.private_key.path': '{0}'.format(Test.RunDirectory), - 'proxy.config.ssl.session_cache.value': 2, + 'proxy.config.ssl.session_cache.mode': 2, 'proxy.config.ssl.session_cache.size': 1024, 'proxy.config.ssl.session_cache.timeout': 7200, 'proxy.config.ssl.session_cache.num_buckets': 16, 
@@ -244,7 +244,7 @@ ts5.Disk.records_config.update( 'proxy.config.exec_thread.limit': 4, 'proxy.config.ssl.server.cert.path': '{0}'.format(Test.RunDirectory), 'proxy.config.ssl.server.private_key.path': '{0}'.format(Test.RunDirectory), - 'proxy.config.ssl.session_cache.value': 2, + 'proxy.config.ssl.session_cache.mode': 2, 'proxy.config.ssl.session_cache.size': 1024, 'proxy.config.ssl.session_cache.timeout': 7200, 'proxy.config.ssl.session_cache.num_buckets': 16, diff --git a/tests/gold_tests/records/gold/full_records.yaml b/tests/gold_tests/records/gold/full_records.yaml index cc23d51f18..fc02158c5b 100644 --- a/tests/gold_tests/records/gold/full_records.yaml +++ b/tests/gold_tests/records/gold/full_records.yaml @@ -564,11 +564,11 @@ records: filename: null session_cache: auto_clear: 1 + mode: 2 num_buckets: 256 size: 102400 skip_cache_on_bucket_contention: 0 timeout: 0 - value: 2 stop: shutdown_timeout: 0 system: diff --git a/tests/gold_tests/records/gold/renamed_records.gold b/tests/gold_tests/records/gold/renamed_records.gold index fca402fc51..c937200fc4 100644 --- a/tests/gold_tests/records/gold/renamed_records.gold +++ b/tests/gold_tests/records/gold/renamed_records.gold @@ -5,7 +5,7 @@ ├──» #3 : proxy.config.hostdb -> proxy.config.hostdb.enabled ├──» #4 : proxy.config.tunnel.prewarm -> proxy.config.tunnel.prewarm.enabled ├──» #5 : proxy.config.ssl.origin_session_cache -> proxy.config.ssl.origin_session_cache.enabled - ├──» #6 : proxy.config.ssl.session_cache -> proxy.config.ssl.session_cache.value + ├──» #6 : proxy.config.ssl.session_cache -> proxy.config.ssl.session_cache.mode ├──» #7 : proxy.config.ssl.TLSv1_3 -> proxy.config.ssl.TLSv1_3.enabled └──» #8 : proxy.config.ssl.client.TLSv1_3 -> proxy.config.ssl.client.TLSv1_3.enabled ``` diff --git a/tests/gold_tests/records/gold/renamed_records.yaml b/tests/gold_tests/records/gold/renamed_records.yaml index 9d500de5fe..c8e91340f2 100644 --- a/tests/gold_tests/records/gold/renamed_records.yaml 
+++ b/tests/gold_tests/records/gold/renamed_records.yaml @@ -16,7 +16,7 @@ records: origin_session_cache: enabled: 0 session_cache: - value: 0 + mode: 0 tunnel: prewarm: enabled: 0 diff --git a/tests/gold_tests/tls/tls_0rtt_server.test.py b/tests/gold_tests/tls/tls_0rtt_server.test.py index 7b21ddbe77..5fdbffff04 100644 --- a/tests/gold_tests/tls/tls_0rtt_server.test.py +++ b/tests/gold_tests/tls/tls_0rtt_server.test.py @@ -104,7 +104,7 @@ ts1.Disk.records_config.update( 'proxy.config.exec_thread.limit': 8, 'proxy.config.ssl.server.cert.path': '{0}'.format(ts1.Variables.SSLDir), 'proxy.config.ssl.server.private_key.path': '{0}'.format(ts1.Variables.SSLDir), - 'proxy.config.ssl.session_cache.value': 2, + 'proxy.config.ssl.session_cache.mode': 2, 'proxy.config.ssl.session_cache.size': 512000, 'proxy.config.ssl.session_cache.timeout': 7200, 'proxy.config.ssl.session_cache.num_buckets': 32768, @@ -133,7 +133,7 @@ ts2.Disk.records_config.update( 'proxy.config.exec_thread.limit': 8, 'proxy.config.ssl.server.cert.path': '{0}'.format(ts1.Variables.SSLDir), 'proxy.config.ssl.server.private_key.path': '{0}'.format(ts1.Variables.SSLDir), - 'proxy.config.ssl.session_cache.value': 2, + 'proxy.config.ssl.session_cache.mode': 2, 'proxy.config.ssl.session_cache.size': 512000, 'proxy.config.ssl.session_cache.timeout': 7200, 'proxy.config.ssl.session_cache.num_buckets': 32768, diff --git a/tests/gold_tests/tls/tls_origin_session_reuse.test.py b/tests/gold_tests/tls/tls_origin_session_reuse.test.py index 1965b39774..2dc8f96d42 100644 --- a/tests/gold_tests/tls/tls_origin_session_reuse.test.py +++ b/tests/gold_tests/tls/tls_origin_session_reuse.test.py 
@@ -64,7 +64,7 @@ ts1.Disk.records_config.update( 'proxy.config.ssl.server.cert.path': '{0}'.format(ts1.Variables.SSLDir), 'proxy.config.ssl.server.private_key.path': '{0}'.format(ts1.Variables.SSLDir), 'proxy.config.exec_thread.autoconfig.scale': 1.0, - 'proxy.config.ssl.session_cache.value': 2, + 'proxy.config.ssl.session_cache.mode': 2, 'proxy.config.ssl.session_cache.size': 4096, 'proxy.config.ssl.session_cache.num_buckets': 256, 'proxy.config.ssl.session_cache.skip_cache_on_bucket_contention': 0, @@ -83,7 +83,7 @@ ts2.Disk.records_config.update( 'proxy.config.ssl.server.cert.path': '{0}'.format(ts2.Variables.SSLDir), 'proxy.config.ssl.server.private_key.path': '{0}'.format(ts2.Variables.SSLDir), 'proxy.config.exec_thread.autoconfig.scale': 1.0, - 'proxy.config.ssl.session_cache.value': 2, + 'proxy.config.ssl.session_cache.mode': 2, 'proxy.config.ssl.session_cache.size': 4096, 'proxy.config.ssl.session_cache.num_buckets': 256, 'proxy.config.ssl.session_cache.skip_cache_on_bucket_contention': 0, @@ -100,7 +100,7 @@ ts3.Disk.records_config.update( 'proxy.config.ssl.server.cert.path': '{0}'.format(ts3.Variables.SSLDir), 'proxy.config.ssl.server.private_key.path': '{0}'.format(ts3.Variables.SSLDir), 'proxy.config.exec_thread.autoconfig.scale': 1.0, - 'proxy.config.ssl.session_cache.value': 2, + 'proxy.config.ssl.session_cache.mode': 2, 'proxy.config.ssl.session_cache.size': 4096, 'proxy.config.ssl.session_cache.num_buckets': 256, 'proxy.config.ssl.session_cache.skip_cache_on_bucket_contention': 0, 
@@ -119,7 +119,7 @@ ts4.Disk.records_config.update( 'proxy.config.ssl.server.cert.path': '{0}'.format(ts4.Variables.SSLDir), 'proxy.config.ssl.server.private_key.path': '{0}'.format(ts4.Variables.SSLDir), 'proxy.config.exec_thread.autoconfig.scale': 1.0, - 'proxy.config.ssl.session_cache.value': 2, + 'proxy.config.ssl.session_cache.mode': 2, 'proxy.config.ssl.session_cache.size': 4096, 'proxy.config.ssl.session_cache.num_buckets': 256, 'proxy.config.ssl.session_cache.skip_cache_on_bucket_contention': 0, diff --git a/tests/gold_tests/tls/tls_session_reuse.test.py b/tests/gold_tests/tls/tls_session_reuse.test.py index ff0c25e034..2d36848313 100644 --- a/tests/gold_tests/tls/tls_session_reuse.test.py +++ b/tests/gold_tests/tls/tls_session_reuse.test.py @@ -57,7 +57,7 @@ ts1.Disk.records_config.update( 'proxy.config.ssl.server.cipher_suite': 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-D [...] 'proxy.config.exec_thread.autoconfig.scale': 1.0, - 'proxy.config.ssl.session_cache.value': 2, + 'proxy.config.ssl.session_cache.mode': 2, 'proxy.config.ssl.session_cache.size': 4096, 'proxy.config.ssl.session_cache.num_buckets': 256, 'proxy.config.ssl.session_cache.skip_cache_on_bucket_contention': 0, 
@@ -72,7 +72,7 @@ ts2.Disk.records_config.update( 'proxy.config.ssl.server.cipher_suite': 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-D [...] 'proxy.config.exec_thread.autoconfig.scale': 1.0, - 'proxy.config.ssl.session_cache.value': 2, + 'proxy.config.ssl.session_cache.mode': 2, 'proxy.config.ssl.session_cache.size': 4096, 'proxy.config.ssl.session_cache.num_buckets': 256, 'proxy.config.ssl.session_cache.skip_cache_on_bucket_contention': 0, @@ -87,7 +87,7 @@ ts3.Disk.records_config.update( 'proxy.config.ssl.server.cipher_suite': 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-D [...] 'proxy.config.exec_thread.autoconfig.scale': 1.0, - 'proxy.config.ssl.session_cache.value': 0, + 'proxy.config.ssl.session_cache.mode': 0, 'proxy.config.ssl.session_cache.size': 4096, 'proxy.config.ssl.session_cache.num_buckets': 256, 'proxy.config.ssl.session_cache.skip_cache_on_bucket_contention': 0, diff --git a/tools/records/convert2yaml.py b/tools/records/convert2yaml.py index 0b425f3083..0643715c08 100755 --- a/tools/records/convert2yaml.py +++ b/tools/records/convert2yaml.py 
@@ -46,7 +46,7 @@ Renamed_Records = { 'proxy.config.hostdb': 'proxy.config.hostdb.enabled', 'proxy.config.tunnel.prewarm': 'proxy.config.tunnel.prewarm.enabled', 'proxy.config.ssl.origin_session_cache': 'proxy.config.ssl.origin_session_cache.enabled', - 'proxy.config.ssl.session_cache': 'proxy.config.ssl.session_cache.value', + 'proxy.config.ssl.session_cache': 'proxy.config.ssl.session_cache.mode', 'proxy.config.ssl.TLSv1_3': 'proxy.config.ssl.TLSv1_3.enabled', 'proxy.config.ssl.client.TLSv1_3': 'proxy.config.ssl.client.TLSv1_3.enabled' }
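
Review bot: missing documentation in doc/admin-guide/files/records.yaml.en.rst, in the hunk that adds the deprecated `proxy.config.ssl.session_cache.enabled` entry: `proxy.config.ssl.session_cache.value` gets no entry at all, although RecordsConfig.cc keeps it registered and get_ssl_session_cache_config() reads it, and the precedence between the three names is described only in a C++ comment. Suggest adding a deprecated entry for `.value` and a short paragraph under `.mode` stating that the source is compared first (environment, then explicit, then plugin default, then built-in default) and the name second (`mode`, then `value`, then `enabled`), so an operator who leaves an old name in place can tell which setting is in effect.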
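
Review bot: in doc/developer-guide/api/functions/TSSslSession.en.rst the touched sentence still reads "is enabled by setting :ts:cv:`proxy.config.ssl.session_cache.mode` has been set to 2", which is ungrammatical. Since the line is being edited anyway, suggest "is enabled by setting :ts:cv:`proxy.config.ssl.session_cache.mode` to 2".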
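
Review bot: in doc/release-notes/upgrading.en.rst the changed bullet now says `proxy.config.ssl.session_cache` was renamed to `.mode`, but the name registered before this patch was `.value` (see the removed lines in RecordsConfig.cc and convert2yaml.py). Suggest the bullet also state that `.value` and `.enabled` are still accepted and deprecated, so that users who already moved to `.value` know their setting continues to apply.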
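
Review bot: in include/records/RecDefs.h the new comment on REC_SOURCE_DEFAULT, "Built in records.yaml default", can be read as a value that comes from the records.yaml file, which is what REC_SOURCE_EXPLICIT ("config file, external API, etc.") already covers. Suggest wording that keeps the two apart, for example "Built in default for the record".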
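
Review bot: get_ssl_session_cache_config() in src/iocore/net/SSLConfig.cc resolves the three records silently: nothing is logged when the winning record is one of the deprecated names or when the records carry different values, so a leftover `enabled` set through an environment variable (0x31) overrides an explicit `mode` in records.yaml (0x23) and changes the TLS session cache mode with no trace. Suggest logging the chosen record name and its source whenever `highest_priority_config` is not `mode`. Two smaller points in the same function: `source_priorities` is a non-const std::unordered_map rebuilt on every call and indexed with operator[], which inserts a 0 entry for any source not listed, so a const table or a switch over RecSourceT would make an unhandled source visible; and the `value` member comment says "if explicitly set" although the value is read for every source.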
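
Review bot: in src/records/RecordsConfig.cc the already released `proxy.config.ssl.session_cache.value` record changes from `RECC_NULL, nullptr` to `RECC_INT, "[0-2]"`, which adds range validation to an existing setting on a maintenance branch and is not mentioned in the commit message. The check is consistent with the two new records; suggest calling the tightened validation out in the release notes so that a configuration that previously loaded with an out-of-range value is not a surprise after the upgrade.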
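
Review bot: the test hunks (stek_share.test.py, tls_0rtt_server.test.py, tls_origin_session_reuse.test.py, tls_session_reuse.test.py and the records gold files) only swap `.value` for `.mode`, so nothing exercises the deprecated names or the precedence logic added in SSLConfig.cc. Suggest keeping at least one instance on `.value` or `.enabled` (ts3 in tls_session_reuse.test.py, which sets the cache to 0, is a natural candidate) and adding a case that sets two of the names to different values and checks which one takes effect.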