Changeset fdd3bf0 in mod_gnutls for src/gnutls_hooks.c

Timestamp:

Sep 30, 2018, 1:36:26 PM (2 years ago)

Author:

Fiona Klute <fiona.klute@…>

Branches:

debian/master, master, proxy-ticket

Children:

bac1a32

Parents:

bd2b48b

git-author:

Fiona Klute <fiona.klute@…> (09/30/18 13:26:54)

git-committer:

Fiona Klute <fiona.klute@…> (09/30/18 13:36:26)

Message:

Enable session tickets by default if GnuTLS version >= 3.6.4

GnuTLS 3.6.4 introduced automatic master key rotation, and TLS 1.3
takes care of other reasons not to use tickets while requiring them
for session resumption.

File:

• src/gnutls_hooks.c (modified) (1 diff)

src/gnutls_hooks.c

@@ -615 +615 @@
             sc->enabled = GNUTLS_ENABLED_FALSE;
         if (sc->tickets == GNUTLS_ENABLED_UNSET)
-            sc->tickets = GNUTLS_ENABLED_FALSE;
+        {
+            /* GnuTLS 3.6.4 introduced automatic master key rotation */
+            if (gnutls_check_version_numeric(3, 6, 4))
+                sc->tickets = GNUTLS_ENABLED_TRUE;
+            else
+                sc->tickets = GNUTLS_ENABLED_FALSE;
+        }
         if (sc->export_certificates_size < 0)
             sc->export_certificates_size = 0;