aboutsummaryrefslogtreecommitdiffstats
path: root/src/tls/tls_session.h
diff options
context:
space:
mode:
authorlloyd <[email protected]>2012-04-04 15:09:51 +0000
committerlloyd <[email protected]>2012-04-04 15:09:51 +0000
commitf5d35f360a04acef3ad19b0abf9a830b0d52d5d8 (patch)
treeca23d42ebea4bdfb716e4b552b7befe1f494a53c /src/tls/tls_session.h
parent0b7fb2651b187097e9c89e37e2672ff28830371a (diff)
Limit the lifetime of tickets to Policy::session_ticket_lifetime()
seconds and report that value to the client in the NewSessionTicket message. After that point, a session ticket is ignored and a full renegotiation is forced. Only send a new session ticket on a new session, or on a resumed session where the client indicated it supports session tickets but for whatever reason didn't send one in the hello. Perhaps in this case, we should also remove the session from the session manager? Clean up server selection of the ciphersuite a bit, all in an anon function in tls_server instead of scattered over Server, Policy, and Server_Hello. Add Session::session_age and Session_Manager::session_lifetime
Diffstat (limited to 'src/tls/tls_session.h')
-rw-r--r--src/tls/tls_session.h5
1 files changed, 5 insertions, 0 deletions
diff --git a/src/tls/tls_session.h b/src/tls/tls_session.h
index 0c57201a4..9a3c242a8 100644
--- a/src/tls/tls_session.h
+++ b/src/tls/tls_session.h
@@ -177,6 +177,11 @@ class BOTAN_DLL Session
u64bit start_time() const { return m_start_time; }
/**
+ * Return how long this session has existed (in seconds)
+ */
+ u32bit session_age() const;
+
+ /**
* Return the session ticket the server gave us
*/
const MemoryVector<byte>& session_ticket() const { return m_session_ticket; }