[ https://issues.apache.org/jira/browse/TS-2557?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14208702#comment-14208702 ]

Brian Geffon commented on TS-2557:
----------------------------------

[~jpe...@apache.org] were you thinking about exposing this logic to plugins? 
How were you thinking this could be beneficial? 

> adopt resumable SSL session API
> -------------------------------
>
>                 Key: TS-2557
>                 URL: https://issues.apache.org/jira/browse/TS-2557
>             Project: Traffic Server
>          Issue Type: New Feature
>          Components: Security, SSL
>            Reporter: James Peach
>            Assignee: Brian Geffon
>             Fix For: sometime
>
>
> OpenSSL 1.1.0 adds a new callback API for applications to control whether
> the TLS session should be cached or not.
> {quote}
>        void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, int (*cb)(SSL *ssl, int is_forward_secure))
>        void SSL_set_not_resumable_session_callback(SSL *ssl, int (*cb)(SSL *ssl, int is_forward_secure))
>      for use by SSL/TLS servers; the callback function will be called whenever a
>      new session is created, and gets to decide whether the session may be
>      cached to make it resumable (return 0) or not (return 1).  (As by the
>      SSL/TLS protocol specifications, the session_id sent by the server will be
>      empty to indicate that the session is not resumable; also, the server will
>      not generate RFC 4507 (RFC 5077) session tickets.)
>      A simple reasonable callback implementation is to return is_forward_secure.
>      This parameter will be set to 1 or 0 depending on the ciphersuite selected
>      by the SSL/TLS server library, indicating whether it can provide forward
>      security.
> {quote}
> This seems like a useful sort of option.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
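
The callback quoted in the issue description, written out as an added example (not part of the original message, and not Traffic Server or OpenSSL project code). It shows the inverted return convention (1 means "do not cache") behind a small policy switch; the names `resume_policy`, `session_not_resumable`, `not_resumable_cb`, `install_policy` and the `WITH_OPENSSL` build flag are hypothetical.

```c
/* Added example; resume_policy, session_not_resumable, not_resumable_cb,
 * install_policy and WITH_OPENSSL are hypothetical names. */
#include <stdio.h>
#ifdef WITH_OPENSSL            /* build with -DWITH_OPENSSL -lssl -lcrypto */
#include <openssl/ssl.h>
#else
typedef struct ssl_st SSL;     /* opaque stand-in so the policy builds alone */
#endif

enum resume_policy {
    RESUME_ALWAYS,             /* cache every session */
    RESUME_UNLESS_FS,          /* the "return is_forward_secure" policy */
    RESUME_NEVER               /* empty session_id, no session tickets */
};

static enum resume_policy g_policy = RESUME_UNLESS_FS;
static unsigned long g_resumable, g_not_resumable;   /* counters for metrics */

/* Pure decision. Returns 1 = NOT resumable, 0 = resumable. */
int session_not_resumable(enum resume_policy p, int is_forward_secure)
{
    switch (p) {
    case RESUME_ALWAYS:    return 0;
    case RESUME_UNLESS_FS: return is_forward_secure ? 1 : 0;
    case RESUME_NEVER:     return 1;
    }
    return 1;                  /* unknown policy value: fail closed */
}

/* Callback with the signature quoted above; called once per new session. */
int not_resumable_cb(SSL *ssl, int is_forward_secure)
{
    (void)ssl;                 /* the policy here is global, not per connection */
    int deny = session_not_resumable(g_policy, is_forward_secure);
    if (deny) g_not_resumable++; else g_resumable++;
    return deny;
}

#ifdef WITH_OPENSSL
void install_policy(SSL_CTX *ctx)   /* register on a server context */
{
    SSL_CTX_set_not_resumable_session_callback(ctx, not_resumable_cb);
}
#endif

int main(void)
{
    printf("forward-secure suite -> not resumable: %d\n", not_resumable_cb(NULL, 1));
    printf("non-forward-secure suite -> not resumable: %d\n", not_resumable_cb(NULL, 0));
    printf("resumable=%lu not_resumable=%lu\n", g_resumable, g_not_resumable);
    return 0;
}
```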
