James Peach created TS-2557:
-------------------------------

             Summary: adopt resumable SSL session API
                 Key: TS-2557
                 URL: https://issues.apache.org/jira/browse/TS-2557
             Project: Traffic Server
          Issue Type: New Feature
          Components: Security, SSL
            Reporter: James Peach


OpenSSL 1.1.0 adds a new callback API for applications to control whether 
the TLS session should be cached or not.

{quote}
       void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, int (*cb)(SSL *ssl, int is_forward_secure))
       void SSL_set_not_resumable_session_callback(SSL *ssl, int (*cb)(SSL *ssl, int is_forward_secure))

     for use by SSL/TLS servers; the callback function will be called whenever a
     new session is created, and gets to decide whether the session may be
     cached to make it resumable (return 0) or not (return 1).  (As by the
     SSL/TLS protocol specifications, the session_id sent by the server will be
     empty to indicate that the session is not resumable; also, the server will
     not generate RFC 4507 (RFC 5077) session tickets.)

     A simple reasonable callback implementation is to return is_forward_secure.
     This parameter will be set to 1 or 0 depending on the ciphersuite selected
     by the SSL/TLS server library, indicating whether it can provide forward
     security.
{quote}

This seems like a useful sort of option.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)