[
https://issues.apache.org/jira/browse/TS-1146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13837197#comment-13837197
]
James Peach commented on TS-1146:
---------------------------------
Nice work [~sunwei]!
A few comments:
- patch does not apply to master due to changes in {{iocore/net/SSLUtils.cc}}
- there's a bit of unnecessary whitespace added ({{git diff}} should show you where it is)
- I don't see the need for {{proxy.config.ssl.server.sessionticket.enabled}} since this needs to be enabled by the administrator in {{ssl_multicert.config}}
- as currently constructed this patch does not require {{ssl_callback_session_ticket}} to be global, so it should be static
- is the {{ssl_ticket_key_t}} file format a standard format? Are the values secret? Does it make sense to inline them into {{ssl_multicert.config}}?
I'll probably have some more comments once the patch applies to master.
I'd also like to see some documentation around this of course :)
Do you have any ideas about how we could do automated regression tests for this?
> RFC 5077 TLS Session tickets
> ----------------------------
>
> Key: TS-1146
> URL: https://issues.apache.org/jira/browse/TS-1146
> Project: Traffic Server
> Issue Type: Improvement
> Components: SSL
> Reporter: James Peach
> Assignee: James Peach
> Labels: A
> Fix For: 5.0.0
>
> Attachments: SSL_CTX_set_tlsext_ticket_key_cb.txt,
> session_ticket.patch
>
>
> For supporting RFC 5077 TLS Session tickets across an ATS cluster, all the
> machines need to have the same server ticket.
> See https://github.com/apache/httpd rev
> 967d943b93498233f0ec81a5b48706fdb6892dfd