[
https://issues.apache.org/jira/browse/TS-2557?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14208702#comment-14208702
]
Brian Geffon commented on TS-2557:
----------------------------------
[[email protected]] were you thinking about exposing this logic to plugins?
How were you thinking this could be beneficial?
> adopt resumable SSL session API
> -------------------------------
>
> Key: TS-2557
> URL: https://issues.apache.org/jira/browse/TS-2557
> Project: Traffic Server
> Issue Type: New Feature
> Components: Security, SSL
> Reporter: James Peach
> Assignee: Brian Geffon
> Fix For: sometime
>
>
> In OpenSSL 1.1.0 adds a new callback API for applications to control whether
> the TLS session should be cached or not.
> {quote}
> void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, int
> (*cb)(SSL *ssl, int is_forward_secure))
> void SSL_set_not_resumable_session_callback(SSL *ssl, int (*cb)(SSL
> *ssl, int is_forward_secure))
> for use by SSL/TLS servers; the callback function will be called
> whenever a
> new session is created, and gets to decide whether the session may be
> cached to make it resumable (return 0) or not (return 1). (As by the
> SSL/TLS protocol specifications, the session_id sent by the server will
> be
> empty to indicate that the session is not resumable; also, the server
> will
> not generate RFC 4507 (RFC 5077) session tickets.)
> A simple reasonable callback implementation is to return
> is_forward_secure.
> This parameter will be set to 1 or 0 depending on the ciphersuite
> selected
> by the SSL/TLS server library, indicating whether it can provide forward
> security.
> {quote}
> This seems like a useful sort of option.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
