diff options
Diffstat (limited to 'manual/html_node/Session-resumption.html')
-rw-r--r-- | manual/html_node/Session-resumption.html | 298 |
1 files changed, 0 insertions, 298 deletions
diff --git a/manual/html_node/Session-resumption.html b/manual/html_node/Session-resumption.html deleted file mode 100644 index 828a055bc8..0000000000 --- a/manual/html_node/Session-resumption.html +++ /dev/null @@ -1,298 +0,0 @@ -<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> -<!-- This manual is last updated 4 March 2015 for version -3.5.4 of GnuTLS. - -Copyright (C) 2001-2015 Free Software Foundation, Inc.\\ -Copyright (C) 2001-2015 Nikos Mavrogiannopoulos - -Permission is granted to copy, distribute and/or modify this document -under the terms of the GNU Free Documentation License, Version 1.3 or -any later version published by the Free Software Foundation; with no -Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A -copy of the license is included in the section entitled "GNU Free -Documentation License". --> -<!-- Created by GNU Texinfo 6.1, http://www.gnu.org/software/texinfo/ --> -<head> -<title>GnuTLS 3.5.4: Session resumption</title> - -<meta name="description" content="GnuTLS 3.5.4: Session resumption"> -<meta name="keywords" content="GnuTLS 3.5.4: Session resumption"> -<meta name="resource-type" content="document"> -<meta name="distribution" content="global"> -<meta name="Generator" content="makeinfo"> -<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> -<link href="index.html#Top" rel="start" title="Top"> -<link href="Function-and-Data-Index.html#Function-and-Data-Index" rel="index" title="Function and Data Index"> -<link href="index.html#SEC_Contents" rel="contents" title="Table of Contents"> -<link href="Advanced-topics.html#Advanced-topics" rel="up" title="Advanced topics"> -<link href="Certificate-verification.html#Certificate-verification" rel="next" title="Certificate verification"> -<link href="Advanced-topics.html#Advanced-topics" rel="prev" title="Advanced topics"> -<style type="text/css"> -<!-- -a.summary-letter {text-decoration: none} -blockquote.indentedblock {margin-right: 0em} -blockquote.smallindentedblock {margin-right: 0em; font-size: smaller} -blockquote.smallquotation {font-size: smaller} -div.display {margin-left: 3.2em} -div.example {margin-left: 3.2em} -div.lisp {margin-left: 3.2em} -div.smalldisplay {margin-left: 3.2em} -div.smallexample {margin-left: 3.2em} -div.smalllisp {margin-left: 3.2em} -kbd {font-style: oblique} -pre.display {font-family: inherit} -pre.format {font-family: inherit} -pre.menu-comment {font-family: serif} -pre.menu-preformatted {font-family: serif} -pre.smalldisplay {font-family: inherit; font-size: smaller} -pre.smallexample {font-size: smaller} -pre.smallformat {font-family: inherit; font-size: smaller} -pre.smalllisp {font-size: smaller} -span.nolinebreak {white-space: nowrap} -span.roman {font-family: initial; font-weight: normal} -span.sansserif {font-family: sans-serif; font-weight: normal} -ul.no-bullet {list-style: none} -body { - margin: 2%; - padding: 0 5%; - background: #ffffff; -} -h1,h2,h3,h4,h5 { - font-weight: bold; - padding: 5px 5px 5px 5px; - background-color: #c2e0ff; - color: #336699; -} -h1 { - padding: 2em 2em 2em 5%; - color: white; - background: #336699; - text-align: center; - letter-spacing: 3px; -} -h2 { text-decoration: underline; } -pre { - margin: 0 5%; - padding: 0.5em; -} -pre.example,pre.verbatim { - padding-bottom: 1em; - - border: solid #c2e0ff; - background: #f0faff; - border-width: 1px 1px 1px 5px; - margin: 1em auto; - width: 90%; -} - -div.node { - margin: 0 -5% 0 -2%; - padding: 0.5em 0.5em; - margin-top: 0.5em; - margin-bottom: 0.5em; - font-weight: bold; -} -dd, li { - padding-top: 0.1em; - padding-bottom: 0.1em; -} -div.float { - - margin-bottom: 0.5em; - text-align: center; -} - -table { - text-align: left; - margin-left:auto; - margin-right:auto; - border-spacing: 7px; - width: 50%; -} - -th { - padding: 0; - color: #336699; - background-color: #c2e0ff; - border: solid #000000; - border-width: 0px; - margin: 1em auto; - text-align: center; - margin-left:auto; - margin-right:auto; -} - -td { - padding: 0; - border: solid #000000; - background-color: #f0faff; - border-width: 0px; - margin: 1em auto; - text-align: left; - margin-left:auto; - margin-right:auto; - padding-left: 1em; -} - -dl { - text-align: left; - margin-left:auto; - margin-right:auto; - width: 50%; - - padding-left: 1em; - border: solid #c2e0ff; - background: #f0faff; - border-width: 5px 1px 1px 1px; - margin: 1em auto; -} - ---> -</style> - - -</head> - -<body lang="en"> -<a name="Session-resumption"></a> -<div class="header"> -<p> -Next: <a href="Certificate-verification.html#Certificate-verification" accesskey="n" rel="next">Certificate verification</a>, Up: <a href="Advanced-topics.html#Advanced-topics" accesskey="u" rel="up">Advanced topics</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="Function-and-Data-Index.html#Function-and-Data-Index" title="Index" rel="index">Index</a>]</p> -</div> -<hr> -<a name="Session-resumption-1"></a> -<h4 class="subsection">6.12.1 Session resumption</h4> -<a name="index-resuming-sessions-1"></a> -<a name="index-session-resumption-1"></a> - -<a name="Client-side-1"></a> -<h4 class="subsubheading">Client side</h4> - -<p>To reduce time and roundtrips spent in a handshake the client can -request session resumption from a server that previously shared -a session with the client. For that the client has to retrieve and store -the session parameters. Before establishing a new session to the same -server the parameters must be re-associated with the GnuTLS session -using <a href="Core-TLS-API.html#gnutls_005fsession_005fset_005fdata">gnutls_session_set_data</a>. -</p> -<dl compact="compact"> -<dt><code><var>int</var> <a href="Core-TLS-API.html#gnutls_005fsession_005fget_005fdata2">gnutls_session_get_data2</a> (gnutls_session_t <var>session</var>, gnutls_datum_t * <var>data</var>)</code></dt> -<dt><code><var>int</var> <a href="Core-TLS-API.html#gnutls_005fsession_005fget_005fid2">gnutls_session_get_id2</a> (gnutls_session_t <var>session</var>, gnutls_datum_t * <var>session_id</var>)</code></dt> -<dt><code><var>int</var> <a href="Core-TLS-API.html#gnutls_005fsession_005fset_005fdata">gnutls_session_set_data</a> (gnutls_session_t <var>session</var>, const void * <var>session_data</var>, size_t <var>session_data_size</var>)</code></dt> -</dl> - -<p>Keep in mind that sessions will be expired after some time, depending -on the server, and a server may choose not to resume a session -even when requested to. The expiration is to prevent temporal session keys -from becoming long-term keys. Also note that as a client you must enable, -using the priority functions, at least the algorithms used in the last session. -</p> - - - - -<dl> -<dt><a name="index-gnutls_005fsession_005fis_005fresumed"></a>Function: <em>int</em> <strong>gnutls_session_is_resumed</strong> <em>(gnutls_session_t <var>session</var>)</em></dt> -<dd><p><var>session</var>: is a <code>gnutls_session_t</code> type. -</p> -<p>Check whether session is resumed or not. -</p> -<p><strong>Returns:</strong> non zero if this session is resumed, or a zero if this is -a new session. -</p></dd></dl> - -<a name="Server-side-1"></a> -<h4 class="subsubheading">Server side</h4> - -<p>In order to support resumption a server can store -the session security parameters in a local database or by using session -tickets (see <a href="Session-tickets.html#Session-tickets">Session tickets</a>) to delegate storage to the client. Because -session tickets might not be supported by all clients, servers -could combine the two methods. -</p> -<p>A storing server needs to specify callback functions to store, retrieve and delete session data. These can be -registered with the functions below. The stored sessions in the database can be checked using <a href="Core-TLS-API.html#gnutls_005fdb_005fcheck_005fentry">gnutls_db_check_entry</a> -for expiration. -</p> -<dl compact="compact"> -<dt><code><var>void</var> <a href="Core-TLS-API.html#gnutls_005fdb_005fset_005fretrieve_005ffunction">gnutls_db_set_retrieve_function</a> (gnutls_session_t <var>session</var>, gnutls_db_retr_func <var>retr_func</var>)</code></dt> -<dt><code><var>void</var> <a href="Core-TLS-API.html#gnutls_005fdb_005fset_005fstore_005ffunction">gnutls_db_set_store_function</a> (gnutls_session_t <var>session</var>, gnutls_db_store_func <var>store_func</var>)</code></dt> -<dt><code><var>void</var> <a href="Core-TLS-API.html#gnutls_005fdb_005fset_005fptr">gnutls_db_set_ptr</a> (gnutls_session_t <var>session</var>, void * <var>ptr</var>)</code></dt> -<dt><code><var>void</var> <a href="Core-TLS-API.html#gnutls_005fdb_005fset_005fremove_005ffunction">gnutls_db_set_remove_function</a> (gnutls_session_t <var>session</var>, gnutls_db_remove_func <var>rem_func</var>)</code></dt> -</dl> -<dl compact="compact"> -<dt><code><var>int</var> <a href="Core-TLS-API.html#gnutls_005fdb_005fcheck_005fentry">gnutls_db_check_entry</a> (gnutls_session_t <var>session</var>, gnutls_datum_t <var>session_entry</var>)</code></dt> -</dl> - -<p>A server utilizing tickets should generate ticket encryption -and authentication keys using <a href="Core-TLS-API.html#gnutls_005fsession_005fticket_005fkey_005fgenerate">gnutls_session_ticket_key_generate</a>. -Those keys should be associated with the GnuTLS session using -<a href="Core-TLS-API.html#gnutls_005fsession_005fticket_005fenable_005fserver">gnutls_session_ticket_enable_server</a>, and should be rotated regularly -(e.g., every few hours), to prevent them from becoming long-term keys which -if revealed could be used to decrypt all previous sessions. -</p> - - - - -<dl> -<dt><a name="index-gnutls_005fsession_005fticket_005fenable_005fserver"></a>Function: <em>int</em> <strong>gnutls_session_ticket_enable_server</strong> <em>(gnutls_session_t <var>session</var>, const gnutls_datum_t * <var>key</var>)</em></dt> -<dd><p><var>session</var>: is a <code>gnutls_session_t</code> type. -</p> -<p><var>key</var>: key to encrypt session parameters. -</p> -<p>Request that the server should attempt session resumption using -SessionTicket. <code>key</code> must be initialized with -<code>gnutls_session_ticket_key_generate()</code> , and should be overwritten -using <code>gnutls_memset()</code> before being released. -</p> -<p><strong>Returns:</strong> On success, <code>GNUTLS_E_SUCCESS</code> (0) is returned, or an -error code. -</p> -<p><strong>Since:</strong> 2.10.0 -</p></dd></dl> - - - - -<dl> -<dt><a name="index-gnutls_005fsession_005fticket_005fkey_005fgenerate"></a>Function: <em>int</em> <strong>gnutls_session_ticket_key_generate</strong> <em>(gnutls_datum_t * <var>key</var>)</em></dt> -<dd><p><var>key</var>: is a pointer to a <code>gnutls_datum_t</code> which will contain a newly -created key. -</p> -<p>Generate a random key to encrypt security parameters within -SessionTicket. -</p> -<p><strong>Returns:</strong> On success, <code>GNUTLS_E_SUCCESS</code> (0) is returned, or an -error code. -</p> -<p><strong>Since:</strong> 2.10.0 -</p></dd></dl> - - - - -<dl> -<dt><a name="index-gnutls_005fsession_005fresumption_005frequested"></a>Function: <em>int</em> <strong>gnutls_session_resumption_requested</strong> <em>(gnutls_session_t <var>session</var>)</em></dt> -<dd><p><var>session</var>: is a <code>gnutls_session_t</code> type. -</p> -<p>Check whether the client has asked for session resumption. -This function is valid only on server side. -</p> -<p><strong>Returns:</strong> non zero if session resumption was asked, or a zero if not. -</p></dd></dl> - -<p>A server enabling both session tickets and a storage for session data -would use session tickets when clients support it and the storage otherwise. -</p> -<hr> -<div class="header"> -<p> -Next: <a href="Certificate-verification.html#Certificate-verification" accesskey="n" rel="next">Certificate verification</a>, Up: <a href="Advanced-topics.html#Advanced-topics" accesskey="u" rel="up">Advanced topics</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="Function-and-Data-Index.html#Function-and-Data-Index" title="Index" rel="index">Index</a>]</p> -</div> - - - -</body> -</html> |