Hi,

I have a question about how OpenBSD ftp and session resumption work and can be
enabled or used using the option -S session=somepath.

If I remember correctly this option was added at the time to improve the
performance of TLS handshakes for fetching OpenBSD packages from HTTPS mirrors.
I'd also like to test if this makes a difference for my use-case.

Is this option currently enabled and working? I haven't been able to see
session resumption being used when testing with OpenBSD ftp.

I've looked in the OpenBSD source code in ftp and libtls.  In libtls it seems
to be disabled by default:

In lib/libtls/tls.c:

        /* Disable any form of session caching by default */
        SSL_CTX_set_session_cache_mode(ssl_ctx, SSL_SESS_CACHE_OFF);
        SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TICKET);

In OpenBSD ftp in fetch.c in the function ftp_close() it indicates:

        dprintf(STDERR_FILENO, "tls session resumed: %s\n",
                tls_conn_session_resumed(*tls) ? "yes" : "no");

But it always has "tls session resumed: no" here.

I probably overlooked something,

Thanks,

-- 
Kind regards,
Hiltjo
