Limit the lifetime of tickets to Policy::session_ticket_lifetime()

seconds and report that value to the client in the NewSessionTicket message. After that point, a session ticket is ignored and a full renegotiation is forced. Only send a new session ticket on a new session, or on a resumed session where the client indicated it supports session tickets but for whatever reason didn't send one in the hello. Perhaps in this case, we should also remove the session from the session manager? Clean up server selection of the ciphersuite a bit, all in an anon function in tls_server instead of scattered over Server, Policy, and Server_Hello. Add Session::session_age and Session_Manager::session_lifetime
author: lloyd <[email protected]> 2012-04-04 15:09:51 +0000
committer: lloyd <[email protected]> 2012-04-04 15:09:51 +0000
commit: f5d35f360a04acef3ad19b0abf9a830b0d52d5d8 (patch)
tree: ca23d42ebea4bdfb716e4b552b7befe1f494a53c /src/tls/tls_session.cpp
parent: 0b7fb2651b187097e9c89e37e2672ff28830371a (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/src/tls/tls_session.cpp b/src/tls/tls_session.cpp
index 2a532196d..0e8bf3051 100644
--- a/src/tls/tls_session.cpp
+++ b/src/tls/tls_session.cpp
@@ -131,6 +131,11 @@ std::string Session::PEM_encode() const
    return PEM_Code::encode(this->DER_encode(), "SSL SESSION");
    }
 
+u32bit Session::session_age() const
+   {
+   return (system_time() - m_start_time);
+   }
+
 namespace {
 
 const u32bit SESSION_CRYPTO_MAGIC = 0x571B0E4E;
author	lloyd <[email protected]>	2012-04-04 15:09:51 +0000
committer	lloyd <[email protected]>	2012-04-04 15:09:51 +0000
commit	f5d35f360a04acef3ad19b0abf9a830b0d52d5d8 (patch)
tree	ca23d42ebea4bdfb716e4b552b7befe1f494a53c /src/tls/tls_session.cpp
parent	0b7fb2651b187097e9c89e37e2672ff28830371a (diff)