On Thu, May 05, 2022 at 10:59:45AM +0200, Hiltjo Posthuma wrote: > Hi, > > I have a question how OpenBSD ftp and session resumption works and can be > enabled or used using the option -S session=somepath . > > If I remember correctly this option was added at the time to improve the > performance of TLS handshakes for fetching OpenBSD packages from HTTPS > mirrors. > I'd also like to test if this makes a difference for my use-case. > > Is this option currently enabled and working? I haven't been able to see > session resumption being used when testing uses OpenBSD ftp.
Yes, it works, but only with TLSv1.2. For TLSv1.3 this needs support for PSK, which is not currently implemented. $ ftp -M -S"session=mysession.pem,protocols=tlsv1.2" https://www.openbsd.org/index.html Trying 199.185.178.80... Requesting https://www.openbsd.org/index.html 3494 bytes received in 0.00 seconds (9.06 MB/s) tls session resumed: no $ ftp -M -S"session=mysession.pem,protocols=tlsv1.2" https://www.openbsd.org/index.html Trying 199.185.178.80... Requesting https://www.openbsd.org/index.html 3494 bytes received in 0.00 seconds (8.88 MB/s) tls session resumed: yes