Limit the lifetime of tickets to Policy::session_ticket_lifetime()

seconds and report that value to the client in the NewSessionTicket
message. After that point, a session ticket is ignored and a full
renegotiation is forced.

Only send a new session ticket on a new session, or on a resumed
session where the client indicated it supports session tickets but for
whatever reason didn't send one in the hello. Perhaps in this case, we
should also remove the session from the session manager?

Clean up server selection of the ciphersuite a bit, all in an anon
function in tls_server instead of scattered over Server, Policy, and
Server_Hello.

Add Session::session_age and Session_Manager::session_lifetime

1 files changed, 12 insertions, 0 deletions

diff --git a/src/tls/tls_ciphersuite.cpp b/src/tls/tls_ciphersuite.cpp
index d3d8f061b..afe0e68ee 100644
--- a/src/tls/tls_ciphersuite.cpp
+++ b/src/tls/tls_ciphersuite.cpp
@@ -30,6 +30,18 @@ Ciphersuite Ciphersuite::by_name(const std::string& name)
    return Ciphersuite(); // some unknown ciphersuite
    }
 
+bool Ciphersuite::psk_ciphersuite() const
+   {
+   return (kex_algo() == "PSK" ||
+           kex_algo() == "DHE_PSK" ||
+           kex_algo() == "ECDHE_PSK");
+   }
+
+bool Ciphersuite::ecc_ciphersuite() const
+   {
+   return (kex_algo() == "ECDH" || sig_algo() == "ECDSA");
+   }
+
 std::string Ciphersuite::to_string() const
    {
    if(m_cipher_keylen == 0)