| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
use and call it.
|
|
|
|
|
|
|
| |
Add a service identifier as well, to help out clients which may want
to negotiate multiple protocols over a single port and need to keep
the sessions disambiguated. Not sure if that is useful, but it might
be.
|
|
|
|
|
|
|
|
| |
be part of the connection rather than part of the session. That really
does make more sense, so go with it.
Changes the format of serialized sessions, but we already broke that
with the crypto change.
|
|
|
|
|
|
| |
MAC keys for session encryption, randomly generate two 80-bit salt
values which are included in the session blob and run the KDF over the
master key and the random salts to create the keys.
|
|
|
|
|
|
| |
using a custom allocator. Currently our allocator just does new/delete
with a memset before deletion, and the mmap and mlock allocators have
been removed.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
seconds and report that value to the client in the NewSessionTicket
message. After that point, a session ticket is ignored and a full
renegotiation is forced.
Only send a new session ticket on a new session, or on a resumed
session where the client indicated it supports session tickets but for
whatever reason didn't send one in the hello. Perhaps in this case, we
should also remove the session from the session manager?
Clean up server selection of the ciphersuite a bit, all in an anon
function in tls_server instead of scattered over Server, Policy, and
Server_Hello.
Add Session::session_age and Session_Manager::session_lifetime
|
|
|
|
|
|
|
|
|
| |
flags; if params change just regen the magic value and drop old
sessions. Check the magic value right from the start. Use constants
for internal sizes.
Increase default PBKDF2 iterations in the SQLite session manager
to 64K.
|
| |
|
|
|
|
| |
hard-coded key.
|
|\
| |
| |
| |
| |
| | |
f761c340d4390c232d1a9896f3fde5c9dec7858b)
to branch 'net.randombit.botan.tls-session-ticket' (head bf9feb245aa7185e22948a21a3099acac7237b44)
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| | |
Use AES-256 so we don't encrypt session tickets with a weaker algo
than the ciphersuites.
|
|\|
| |
| |
| |
| |
| | |
c24b5d6b012131b177d38bddb8b06d73f81f70c4)
to branch 'net.randombit.botan.tls-session-ticket' (head 9977d4c118e1ac26425cef676ebf26cd5b2a470e)
|
| | |
|
| |
| |
| |
| | |
session.
|
| |
| |
| |
| | |
for such a minor change.
|
| |
| |
| |
| |
| | |
everything into a new namespace (Botan::TLS), removing the TLS_
prefixes on everything.
|
|/ |
|
|
its own file. Rename tls_state to tls_handshake_state.
|