Diffstat (limited to 'lib/ssl/src/tls_socket.erl')
-rw-r--r-- | lib/ssl/src/tls_socket.erl | 36 |
1 files changed, 11 insertions, 25 deletions
diff --git a/lib/ssl/src/tls_socket.erl b/lib/ssl/src/tls_socket.erl
index 48f1935e81..91fdad4e44 100644
--- a/lib/ssl/src/tls_socket.erl
+++ b/lib/ssl/src/tls_socket.erl
@@ -79,10 +79,12 @@ listen(Transport, Port, #config{transport_info = {Transport, _, _, _, _},
 case Transport:listen(Port, Options ++ internal_inet_values()) of
 {ok, ListenSocket} ->
 {ok, Tracker} = inherit_tracker(ListenSocket, EmOpts, SslOpts),
- LifeTime = get_ticket_lifetime(),
- TicketStoreSize = get_ticket_store_size(),
+ LifeTime = ssl_config:get_ticket_lifetime(),
+ TicketStoreSize = ssl_config:get_ticket_store_size(),
+ MaxEarlyDataSize = ssl_config:get_max_early_data_size(),
 %% TLS-1.3 session handling
- {ok, SessionHandler} = session_tickets_tracker(LifeTime, TicketStoreSize, SslOpts),
+ {ok, SessionHandler} =
+ session_tickets_tracker(LifeTime, TicketStoreSize, MaxEarlyDataSize, SslOpts),
 %% PRE TLS-1.3 session handling
 {ok, SessionIdHandle} = session_id_tracker(ListenSocket, SslOpts),
 Trackers = [{option_tracker, Tracker}, {session_tickets_tracker, SessionHandler},
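Review bot: The bounds checks on the ticket settings are no longer visible from `listen`, so the three `ssl_config:get_*` calls at the top of the `{ok, ListenSocket}` branch should be confirmed to validate what they read before it reaches `session_tickets_tracker/4`. The local `get_ticket_lifetime/0` removed at the end of this file capped the value at 604800 seconds with a 7200 default but accepted zero and negative integers, and `get_ticket_store_size/0` accepted any integer; the `ssl_config` versions are outside this diff, so presumably they keep at least the cap. `MaxEarlyDataSize` limits how much 0-RTT data the server will take, so `ssl_config:get_max_early_data_size/0` should reject non-integers and negatives with a guard such as `when is_integer(Size), Size >= 0` and fall back to a fixed default. The body of `listen` starts and ends outside the hunk.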
@@ -261,15 +263,15 @@ inherit_tracker(ListenSocket, EmOpts, #{erl_dist := false} = SslOpts) ->
 inherit_tracker(ListenSocket, EmOpts, #{erl_dist := true} = SslOpts) ->
 ssl_listen_tracker_sup:start_child_dist([ListenSocket, EmOpts, SslOpts]).
 
-session_tickets_tracker(_, _, #{erl_dist := false,
- session_tickets := disabled}) ->
+session_tickets_tracker(_, _, _, #{erl_dist := false,
+ session_tickets := disabled}) ->
 {ok, disabled};
-session_tickets_tracker(Lifetime, TicketStoreSize,
+session_tickets_tracker(Lifetime, TicketStoreSize, MaxEarlyDataSize,
 #{erl_dist := false,
 session_tickets := Mode,
 anti_replay := AntiReplay}) ->
- tls_server_session_ticket_sup:start_child([Mode, Lifetime, TicketStoreSize, AntiReplay]);
-session_tickets_tracker(Lifetime, TicketStoreSize,
+ tls_server_session_ticket_sup:start_child([Mode, Lifetime, TicketStoreSize, MaxEarlyDataSize, AntiReplay]);
+session_tickets_tracker(Lifetime, TicketStoreSize, MaxEarlyDataSize,
 #{erl_dist := true,
 session_tickets := Mode,
 anti_replay := AntiReplay}) ->
@@ -278,7 +280,7 @@ session_tickets_tracker(Lifetime, TicketStoreSize,
 Workers = proplists:get_value(workers, Children),
 case Workers of
 0 ->
- tls_server_session_ticket_sup:start_child([Mode, Lifetime, TicketStoreSize, AntiReplay]);
+ tls_server_session_ticket_sup:start_child([Mode, Lifetime, TicketStoreSize, MaxEarlyDataSize, AntiReplay]);
 1 ->
 [{_,Child,_, _}] = supervisor:which_children(SupName),
 {ok, Child}
@@ -504,19 +506,3 @@ validate_inet_option(active, Value)
 validate_inet_option(_, _) ->
 ok.
 
-get_ticket_lifetime() ->
- case application:get_env(ssl, server_session_ticket_lifetime) of
- {ok, Seconds} when is_integer(Seconds) andalso
- Seconds =< 604800 -> %% MUST be less than 7 days
- Seconds;
- _ ->
- 7200 %% Default 2 hours
- end.
-
-get_ticket_store_size() ->
- case application:get_env(ssl, server_session_ticket_store_size) of
- {ok, Size} when is_integer(Size) ->
- Size;
- _ ->
- 1000
- end.
|
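Review bot: `tls_server_session_ticket_sup:start_child/1` receives a positional argument list, and both calls in `session_tickets_tracker/4` (the `erl_dist := false` clause here and the `0 ->` branch in the next hunk) now place `MaxEarlyDataSize` fourth, ahead of `AntiReplay`. The supervisor and the worker's `init` are not in this file's diff, so confirm they were updated in the same commit; a mismatch would presumably only surface at listen time, as a failed `{ok, SessionHandler} =` match. In the `erl_dist := true` clause the `1 ->` branch returns the existing child, so a value read on a later `listen` call does not reach an already running ticket process; a comment such as `%% An existing worker keeps the limits it was started with` would make that explicit. Both `start_child` lines also exceed 100 columns and could be wrapped after `TicketStoreSize,`, as the call in `listen` was. The clause for the distribution case continues outside the hunk.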