diff options
author | Kevin Lin <developer@kevinlin.info> | 2020-02-19 20:59:24 -0800 |
---|---|---|
committer | dormando <dormando@rydia.net> | 2020-03-27 11:21:33 -0700 |
commit | 4e79f166fc15583cae443d9ae09a1e673601fb7e (patch) | |
tree | 22af2a3afad3501b1e75ee7aedfecd2b9f1d35f0 /memcached.c | |
parent | f249724cedcab6605ca8a0769ac4b356a8124f63 (diff) | |
download | memcached-4e79f166fc15583cae443d9ae09a1e673601fb7e.tar.gz |
Add: `-o ssl_session_cache`, disabled by default
Enables server-side TLS session caching.
Diffstat (limited to 'memcached.c')
-rw-r--r-- | memcached.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/memcached.c b/memcached.c index 433d469..8701857 100644 --- a/memcached.c +++ b/memcached.c @@ -269,6 +269,7 @@ static void settings_init(void) { settings.ssl_ca_cert = NULL; settings.ssl_last_cert_refresh_time = current_time; settings.ssl_wbuf_size = 16 * 1024; // default is 16KB (SSL max frame size is 17KB) + settings.ssl_session_cache = false; #endif /* By default this string should be NULL for getaddrinfo() */ settings.inter = NULL; @@ -3232,6 +3233,9 @@ static void server_stats(ADD_STAT add_stats, conn *c) { #endif #ifdef TLS if (settings.ssl_enabled) { + if (settings.ssl_session_cache) { + APPEND_STAT("ssl_new_sessions", "%llu", (unsigned long long)stats.ssl_new_sessions); + } APPEND_STAT("ssl_handshake_errors", "%llu", (unsigned long long)stats.ssl_handshake_errors); APPEND_STAT("time_since_server_cert_refresh", "%u", now - settings.ssl_last_cert_refresh_time); } @@ -3319,6 +3323,7 @@ static void process_stat_settings(ADD_STAT add_stats, void *c) { APPEND_STAT("ssl_ciphers", "%s", settings.ssl_ciphers ? settings.ssl_ciphers : "NULL"); APPEND_STAT("ssl_ca_cert", "%s", settings.ssl_ca_cert ? settings.ssl_ca_cert : "NULL"); APPEND_STAT("ssl_wbuf_size", "%u", settings.ssl_wbuf_size); + APPEND_STAT("ssl_session_cache", "%s", settings.ssl_session_cache ? "yes" : "no"); #endif } @@ -8122,6 +8127,8 @@ static void usage(void) { " - ssl_ca_cert: PEM format file of acceptable client CA's\n" " - ssl_wbuf_size: size in kilobytes of per-connection SSL output buffer\n" " (default: %u)\n", settings.ssl_wbuf_size / (1 << 10)); + printf(" - ssl_session_cache: enable server-side SSL session cache, to support session\n" + " resumption\n"); verify_default("ssl_keyformat", settings.ssl_keyformat == SSL_FILETYPE_PEM); verify_default("ssl_verify_mode", settings.ssl_verify_mode == SSL_VERIFY_NONE); #endif @@ -8777,6 +8784,7 @@ int main (int argc, char **argv) { SSL_CIPHERS, SSL_CA_CERT, SSL_WBUF_SIZE, + SSL_SESSION_CACHE, #endif #ifdef MEMCACHED_DEBUG RELAXED_PRIVILEGES, @@ -8845,6 +8853,7 @@ int main (int argc, char **argv) { [SSL_CIPHERS] = "ssl_ciphers", [SSL_CA_CERT] = "ssl_ca_cert", [SSL_WBUF_SIZE] = "ssl_wbuf_size", + [SSL_SESSION_CACHE] = "ssl_session_cache", #endif #ifdef MEMCACHED_DEBUG [RELAXED_PRIVILEGES] = "relaxed_privileges", @@ -8911,7 +8920,7 @@ int main (int argc, char **argv) { char *shortopts = "a:" /* access mask for unix socket */ - "A" /* enable admin shutdown command */ + "A" /* enable admin shutdown command */ "Z" /* enable SSL */ "p:" /* TCP port number to listen on */ "s:" /* unix socket path to listen on */ @@ -9516,6 +9525,9 @@ int main (int argc, char **argv) { } settings.ssl_wbuf_size *= 1024; /* kilobytes */ break; + case SSL_SESSION_CACHE: + settings.ssl_session_cache = true; + break; #endif #ifdef EXTSTORE case EXT_PAGE_SIZE: |