[ https://issues.apache.org/jira/browse/TS-2557?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14208702#comment-14208702 ]

Brian Geffon commented on TS-2557:
----------------------------------

[~jpe...@apache.org] were you thinking about exposing this logic to plugins? How were you thinking this could be beneficial?

> adopt resumable SSL session API
> -------------------------------
>
>                 Key: TS-2557
>                 URL: https://issues.apache.org/jira/browse/TS-2557
>             Project: Traffic Server
>          Issue Type: New Feature
>          Components: Security, SSL
>            Reporter: James Peach
>            Assignee: Brian Geffon
>             Fix For: sometime
>
>
> OpenSSL 1.1.0 adds a new callback API for applications to control whether
> the TLS session should be cached or not.
> {quote}
>     void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, int (*cb)(SSL *ssl, int is_forward_secure))
>     void SSL_set_not_resumable_session_callback(SSL *ssl, int (*cb)(SSL *ssl, int is_forward_secure))
> for use by SSL/TLS servers; the callback function will be called whenever a
> new session is created, and gets to decide whether the session may be
> cached to make it resumable (return 0) or not (return 1). (As by the
> SSL/TLS protocol specifications, the session_id sent by the server will be
> empty to indicate that the session is not resumable; also, the server will
> not generate RFC 4507 (RFC 5077) session tickets.)
> A simple reasonable callback implementation is to return is_forward_secure.
> This parameter will be set to 1 or 0 depending on the ciphersuite selected
> by the SSL/TLS server library, indicating whether it can provide forward
> security.
> {quote}
> This seems like a useful sort of option.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)