GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
TLS_CONFIG_SET_SESSION_ID(3) FreeBSD Library Functions Manual TLS_CONFIG_SET_SESSION_ID(3)

tls_config_set_session_fd, tls_config_set_session_id, tls_config_set_session_lifetime, tls_config_add_ticket_key
configure resuming of TLS handshakes

#include <tls.h>

int
tls_config_set_session_fd(struct tls_config *config, int session_fd);

int
tls_config_set_session_id(struct tls_config *config, const unsigned char *session_id, size_t len);

int
tls_config_set_session_lifetime(struct tls_config *config, int lifetime);

int
tls_config_add_ticket_key(struct tls_config *config, uint32_t keyrev, unsigned char *key, size_t keylen);

tls_config_set_session_fd() sets a file descriptor to be used to manage data for TLS sessions (client only). The given file descriptor must be a regular file and be owned by the current user, with permissions being restricted to only allow the owner to read and write the file (0600). If the file has a non-zero length, the client will attempt to read session data from this file and resume the previous TLS session with the server. Upon a successful handshake the file will be updated with current session data, if available. The caller is responsible for closing this file descriptor, after all TLS contexts that have been configured to use it have been freed via tls_free().

tls_config_set_session_id() sets the session identifier that will be used by the TLS server when sessions are enabled (server only). By default a random value is used.

tls_config_set_session_lifetime() sets the lifetime to be used for TLS sessions (server only). Session support is disabled if a lifetime of zero is specified, which is the default.

tls_config_add_ticket_key() adds a key used for the encryption and authentication of TLS tickets (server only). By default keys are generated and rotated automatically based on their lifetime. This function should only be used to synchronise ticket encryption key across multiple processes. Re-adding a known key will result in an error, unless it is the most recently added key.

These functions return 0 on success or -1 on error.

tls_accept_socket(3), tls_config_set_protocols(3), tls_init(3), tls_load_file(3), tls_server(3)

tls_config_set_session_id(), tls_config_set_session_lifetime() and tls_config_add_ticket_key() appeared in OpenBSD 6.1.

tls_config_set_session_fd() appeared in OpenBSD 6.3.

Claudio Jeker <claudio@openbsd.org>
Joel Sing <jsing@openbsd.org>
February 10, 2018 FreeBSD 13.1-RELEASE

Search for    or go to Top of page |  Section 3 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.