diff options
author | lloyd <[email protected]> | 2012-04-04 15:09:51 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-04-04 15:09:51 +0000 |
commit | f5d35f360a04acef3ad19b0abf9a830b0d52d5d8 (patch) | |
tree | ca23d42ebea4bdfb716e4b552b7befe1f494a53c /src/tls/tls_session.h | |
parent | 0b7fb2651b187097e9c89e37e2672ff28830371a (diff) |
Limit the lifetime of tickets to Policy::session_ticket_lifetime()
seconds and report that value to the client in the NewSessionTicket
message. After that point, a session ticket is ignored and a full
renegotiation is forced.
Only send a new session ticket on a new session, or on a resumed
session where the client indicated it supports session tickets but for
whatever reason didn't send one in the hello. Perhaps in this case, we
should also remove the session from the session manager?
Clean up server selection of the ciphersuite a bit, all in an anon
function in tls_server instead of scattered over Server, Policy, and
Server_Hello.
Add Session::session_age and Session_Manager::session_lifetime
Diffstat (limited to 'src/tls/tls_session.h')
-rw-r--r-- | src/tls/tls_session.h | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/tls/tls_session.h b/src/tls/tls_session.h index 0c57201a4..9a3c242a8 100644 --- a/src/tls/tls_session.h +++ b/src/tls/tls_session.h @@ -177,6 +177,11 @@ class BOTAN_DLL Session u64bit start_time() const { return m_start_time; } /** + * Return how long this session has existed (in seconds) + */ + u32bit session_age() const; + + /** * Return the session ticket the server gave us */ const MemoryVector<byte>& session_ticket() const { return m_session_ticket; } |