1TLS_CONFIG_SET_SESSIO... BSD Library Functions Manual TLS_CONFIG_SET_SESSIO...
2
4 tls_config_set_session_fd, tls_config_set_session_id,
5 tls_config_set_session_lifetime, tls_config_add_ticket_key — configure
6 resuming of TLS handshakes
7
9 #include <tls.h>
10 int
12 tls_config_set_session_fd(struct tls_config *config, int session_fd);
13 int
15 tls_config_set_session_id(struct tls_config *config,
16 const unsigned char *session_id, size_t len);
17 int
19 tls_config_set_session_lifetime(struct tls_config *config, int lifetime);
20 int
22 tls_config_add_ticket_key(struct tls_config *config, uint32_t keyrev,
23 unsigned char *key, size_t keylen);
24
26 tls_config_set_session_fd() sets a file descriptor to be used to manage
27 data for TLS sessions (client only). The given file descriptor must be a
28 regular file and be owned by the current user, with permissions being
29 restricted to only allow the owner to read and write the file (0600). If
30 the file has a non-zero length, the client will attempt to read session
31 data from this file and resume the previous TLS session with the server.
32 Upon a successful handshake the file will be updated with current session
33 data, if available. The caller is responsible for closing this file
34 descriptor, after all TLS contexts that have been configured to use it
35 have been freed via tls_free().
36 tls_config_set_session_id() sets the session identifier that will be used
38 by the TLS server when sessions are enabled (server only). By default a
39 random value is used.
40 tls_config_set_session_lifetime() sets the lifetime to be used for TLS
42 sessions (server only). Session support is disabled if a lifetime of
43 zero is specified, which is the default.
44 tls_config_add_ticket_key() adds a key used for the encryption and
46 authentication of TLS tickets (server only). By default keys are gener‐
47 ated and rotated automatically based on their lifetime. This function
48 should only be used to synchronise ticket encryption key across multiple
49 processes. Re-adding a known key will result in an error, unless it is
50 the most recently added key.
51
53 These functions return 0 on success or -1 on error.
54
56 tls_accept_socket(3), tls_config_set_protocols(3), tls_init(3),
57 tls_load_file(3), tls_server(3)
58
60 tls_config_set_session_id(), tls_config_set_session_lifetime() and
61 tls_config_add_ticket_key() appeared in OpenBSD 6.1.
62 tls_config_set_session_fd() appeared in OpenBSD 6.3.
64
66 Claudio Jeker <claudio@openbsd.org>
67 Joel Sing <jsing@openbsd.org>
68BSD February 10, 2018 BSD