CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2016/09/01 04:49:48
Modified files:
usr.sbin/relayd: config.c parse.y relay.c relayd.c relayd.conf.5
relayd.h
Log message:
Switch from the not really working session cache (because of the multiprocess
nature of relayd) to tls session tickets to do TLS session resumption.
TLS session tickets do not need to store SSL session data in the server but
instead send an encrypted ticket to the clients that allows them to resume the
session. This is mostly stateless (apart from the encryption keys).
relayd now ensures that all relay processes use the same key to encrypt
the tickets. Keys are rotated every 2h and there is a primary and backup key.
The tls session timeout is set to 2h to hint to the clients how long the
session ticket is supposed to be alive.
Input and OK benno@, reyk@
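The scheme the log message describes (stateless encrypted tickets, one primary and one backup key, rotation every 2h, and the same keys in every relay process) is shown below as an added example. It is not relayd's code and is not taken from this commit: the ticket layout (key name || nonce || AES-GCM ciphertext), the KeyRing/TicketKey names and the use of AES-256-GCM are this example's own assumptions; only the 2h lifetime and the primary/backup arrangement come from the message. The Go crypto/tls package accepts ticket keys through SetSessionTicketKeys; this example spells out the key handling behind such a call so the failure mode of per-process keys is visible.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

// Assumptions of this example: the 2h lifetime mirrors the commit message;
// the cipher and ticket layout are not relayd's.
const (
	keyLifetime = 2 * time.Hour
	keyNameLen  = 16
	keySize     = 32 // AES-256
)

// TicketKey is one ticket-encryption key. Name is sent in the clear at the
// front of every ticket so the server knows which key to try; it is not secret.
type TicketKey struct {
	Name    [keyNameLen]byte
	Secret  [keySize]byte
	Created time.Time
}

// KeyRing holds the primary key (issues new tickets) and the backup key (the
// previous primary, accepted for decryption only, so tickets issued shortly
// before a rotation still resume). Every process must hold the same ring.
type KeyRing struct {
	Primary *TicketKey
	Backup  *TicketKey
}

func newTicketKey(now time.Time) (*TicketKey, error) {
	k := &TicketKey{Created: now}
	if _, err := rand.Read(k.Name[:]); err != nil {
		return nil, err
	}
	if _, err := rand.Read(k.Secret[:]); err != nil {
		return nil, err
	}
	return k, nil
}

// Rotate installs a fresh primary once the current one is keyLifetime old,
// demotes the old primary to backup and drops the old backup.
func (r *KeyRing) Rotate(now time.Time) (bool, error) {
	if r.Primary != nil && now.Sub(r.Primary.Created) < keyLifetime {
		return false, nil
	}
	k, err := newTicketKey(now)
	if err != nil {
		return false, err
	}
	r.Backup, r.Primary = r.Primary, k
	return true, nil
}

func gcmFor(k *TicketKey) (cipher.AEAD, error) {
	block, err := aes.NewCipher(k.Secret[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal turns session state into a ticket the client keeps: the server stores
// nothing but the keys. The key name is bound in as associated data.
func (r *KeyRing) Seal(state []byte) ([]byte, error) {
	if r.Primary == nil {
		return nil, errors.New("no primary ticket key")
	}
	aead, err := gcmFor(r.Primary)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	out := append([]byte{}, r.Primary.Name[:]...)
	out = append(out, nonce...)
	return aead.Seal(out, nonce, state, r.Primary.Name[:]), nil
}

// Open recovers the state from a ticket, trying primary then backup. The
// second result is true when only the backup matched: resume, but issue a
// fresh ticket under the primary so the client survives the next rotation.
func (r *KeyRing) Open(ticket []byte) ([]byte, bool, error) {
	if len(ticket) < keyNameLen {
		return nil, false, errors.New("ticket too short")
	}
	for i, k := range []*TicketKey{r.Primary, r.Backup} {
		if k == nil || !bytes.Equal(ticket[:keyNameLen], k.Name[:]) {
			continue
		}
		aead, err := gcmFor(k)
		if err != nil {
			return nil, false, err
		}
		body := ticket[keyNameLen:]
		ns := aead.NonceSize()
		if len(body) < ns {
			return nil, false, errors.New("ticket too short")
		}
		state, err := aead.Open(nil, body[:ns], body[ns:], k.Name[:])
		if err != nil {
			return nil, false, err
		}
		return state, i == 1, nil
	}
	return nil, false, errors.New("unknown ticket key: full handshake required")
}

func main() {
	now := time.Now()
	parent := &KeyRing{}
	parent.Rotate(now)
	worker := *parent // a relay process handed the parent's keys
	tk, _ := worker.Seal([]byte("constructed session state"))
	_, renew, err := parent.Open(tk)
	fmt.Println("shared keys:", err, "renew:", renew)
	lone := &KeyRing{}
	lone.Rotate(now) // a process with its own keys, the pre-commit failure mode
	_, _, err = lone.Open(tk)
	fmt.Println("private keys:", err)
}
```

The copy `worker := *parent` stands in for the parent process distributing one key set to all relay processes; a process that rotates on its own (the `lone` ring) cannot open tickets issued by its siblings, which is the multiprocess problem the message attributes to the old session cache. After a rotation the parent has to push the new ring out again, since the copies do not follow it.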