Changeset fdd3bf0 in mod_gnutls for src/gnutls_hooks.c


Ignore:
Timestamp:
Sep 30, 2018, 1:36:26 PM (23 months ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
debian/master, master, proxy-ticket
Children:
bac1a32
Parents:
bd2b48b
git-author:
Fiona Klute <fiona.klute@…> (09/30/18 13:26:54)
git-committer:
Fiona Klute <fiona.klute@…> (09/30/18 13:36:26)
Message:

Enable session tickets by default if GnuTLS version >= 3.6.4

GnuTLS 3.6.4 introduced automatic master key rotation, and TLS 1.3
takes care of other reasons not to use tickets while requiring them
for session resumption.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • src/gnutls_hooks.c

    rbd2b48b rfdd3bf0  
    615615            sc->enabled = GNUTLS_ENABLED_FALSE;
    616616        if (sc->tickets == GNUTLS_ENABLED_UNSET)
    617             sc->tickets = GNUTLS_ENABLED_FALSE;
     617        {
     618            /* GnuTLS 3.6.4 introduced automatic master key rotation */
     619            if (gnutls_check_version_numeric(3, 6, 4))
     620                sc->tickets = GNUTLS_ENABLED_TRUE;
     621            else
     622                sc->tickets = GNUTLS_ENABLED_FALSE;
     623        }
    618624        if (sc->export_certificates_size < 0)
    619625            sc->export_certificates_size = 0;
Note: See TracChangeset for help on using the changeset viewer.