Client session caching support is minimal #18

ctz · 2024-05-01T12:25:25Z

At the moment client-side session caching only respects SSL_CTX_sess_set_cache_size, but not the cache mode, callbacks, SSL_get_session etc.

Meaningfully implementing SSL_get_session would mean rustls client sessions would need to become serialisable -- they currently are not.

The text was updated successfully, but these errors were encountered:

ctz · 2024-06-19T11:33:31Z

I think this issue is mostly about client-side session caching, so probably shouldn't have much bearing on nginx.

I wonder what happens if we accept the SSL_CTX_set_tlsext_ticket_key_cb but never call the callback?

To get this fully working we'd need to implement the rustls ProducesTickets trait in terms of calling the callback, then using the returned cipher and mac keys to implement the RFC5077 "recommended" construction which AIUI the openssl API is tightly coupled to.

cpu · 2024-06-23T17:02:50Z

I will pull the relevant comments into a new issue.

#30

ctz added the enhancement New feature or request label May 1, 2024

ctz changed the title ~~Client session caching is minimal~~ Client session caching support is minimal May 1, 2024

This comment was marked as off-topic.

Sign in to view

cpu mentioned this issue Jun 23, 2024

Investigate nginx 1.24.0 session resumption #30

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Client session caching support is minimal #18

Client session caching support is minimal #18

ctz commented May 1, 2024

This comment was marked as off-topic.

ctz commented Jun 19, 2024

This comment was marked as off-topic.

cpu commented Jun 23, 2024

Client session caching support is minimal #18

Client session caching support is minimal #18

Comments

ctz commented May 1, 2024

This comment was marked as off-topic.

ctz commented Jun 19, 2024

This comment was marked as off-topic.

cpu commented Jun 23, 2024