[ https://issues.apache.org/jira/browse/TS-1146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13837197#comment-13837197 ]
James Peach commented on TS-1146:
---------------------------------

Nice work [~sunwei]! A few comments:

- patch does not apply to master due to changes in {{iocore/net/SSLUtils.cc}}
- there's a bit of unnecessary whitespace added ({{git diff}} should show you where it is)
- I don't see the need for {{proxy.config.ssl.server.sessionticket.enabled}} since this needs to be enabled by the administrator in {{ssl_multicert.config}}
- as currently constructed this patch does not require {{ssl_callback_session_ticket}} to be global, so it should be static
- is the {{ssl_ticket_key_t}} file format a standard format? Are the values secret? Does it make sense to inline them into {{ssl_multicert.config}}?

I'll probably have some more comments once the patch applies to master. I'd also like to see some documentation around this of course :) Do you have any ideas about how we could do automated regression tests for this?

> RFC 5077 TLS Session tickets
> ----------------------------
>
> Key: TS-1146
> URL: https://issues.apache.org/jira/browse/TS-1146
> Project: Traffic Server
> Issue Type: Improvement
> Components: SSL
> Reporter: James Peach
> Assignee: James Peach
> Labels: A
> Fix For: 5.0.0
>
> Attachments: SSL_CTX_set_tlsext_ticket_key_cb.txt, session_ticket.patch
>
>
> For supporting RFC 5077 TLS Session tickets across an ATS cluster, all the machines need to have the same server ticket.
> See https://github.com/apache/httpd rev 967d943b93498233f0ec81a5b48706fdb6892dfd

--
This message was sent by Atlassian JIRA (v6.1#6144)