author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-07-30 16:48:26 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-08-07 06:38:49 +0200 |
commit | 34fb0de7e228c94921aaac826851db525132f1f5 (patch) | |
tree | ee9a1bc96f5605c326489cdb2994df22362269c5 /doc | |
parent | 695a2549763af25157db50f88d19ea097dd6ab8e (diff) | |
download | gnutls-34fb0de7e228c94921aaac826851db525132f1f5.tar.gz |
resume: keep persistent session identifiers
With the introduction of session ticket support (TLS1.2) and
TLS1.3, session identifiers have no persistency on server or
client side. Improve the situation by introducing persistent
session identifiers on server side in a backwards compatible
way.
Resolves #484
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/cha-upgrade.texi | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/doc/cha-upgrade.texi b/doc/cha-upgrade.texi index 83e1120840..28c9249a7d 100644 --- a/doc/cha-upgrade.texi +++ b/doc/cha-upgrade.texi @@ -227,6 +227,10 @@ flag using @funcref{gnutls_certificate_set_flags}. @tab It is replaced by separate key update and re-authentication functionality which can be accessed directly via @funcref{gnutls_session_key_update} and @funcref{gnutls_reauth}. +@item TLS session identifiers are not shared with the server under TLS 1.3. +@tab The TLS session identifiers are persistent across resumption only on +server side and can be obtained as before via @funcref{gnutls_session_get_id2}. + @item @funcref{gnutls_pkcs11_privkey_generate3}, @funcref{gnutls_pkcs11_copy_secret_key}, @funcref{gnutls_pkcs11_copy_x509_privkey2} @tab These functions no longer create an exportable key by default; they require the flag @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE} to do so. |
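Review bot: The new @item in doc/cha-upgrade.texi names only TLS 1.3, while the commit message says identifiers also lost persistency with TLS 1.2 session tickets, and the @tab text does not say what a client-side caller of gnutls_session_get_id2 should expect. Suggest covering the TLS 1.2 ticket case in the same entry. If "persistent across resumption only on server side" means the client-side value can change between the original and the resumed session, say so explicitly, so that applications do not use the client-side identifier as a key for caches, logs or session correlation. The heading "not shared with the server" is also ambiguous next to a @tab that describes server-side behaviour; "not shared between client and server" would read more clearly.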