| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
By default OpenSSL uses static large read/write buffers with TLS
connections. For memcached instances with a lot of client connections
this can quickly add up to gigabytes of memory. This options allows the
buffers to release when the clients are idle.
|
|
|
|
| |
via SSL_OP_NO_RENEGOTIATION option
|
| |
|
|
|
|
|
|
|
| |
TLS v1.3 compatibility
This provides compatibility with other SSL libraries like LibreSSL
with different semantics of OPENSSL_VERSION_NUMBER.
|
|
|
|
|
|
|
| |
`-o ssl_min_version` can be used to configure the server to only accept
handshakes from clients with a minimum TLS protocol version. Currently
supported options are TLS v1.0, TLS v1.1, TLS v1.2, and TLS v1.3
(OpenSSL 1.1.1+ only).
|
|
|
|
|
| |
Note: Do not fix typos in crc32.c because it's copied from an upstream
source
|
| |
|
|
|
|
| |
Enables server-side TLS session caching.
|
|
|
|
|
| |
segfaults server if refresh_certs command is run with TLS compiled in
but not enabled.
|
|
|
|
|
|
|
|
| |
compilation warning when enabling TLS (at least)
but https://github.com/memcached/memcached/pull/496
seemingly will fix it.
TLS feature using native API for comparison instead
as on some platforms pthread_t is an opaque type.
|
|
|
|
|
|
| |
This change also reloads the CA certificate, if supplied, in addition
to the certificate and private key when the server receives a
`refresh_certs` command.
|
|
Most of the work done by Tharanga. Some commits squashed in by
dormando. Also reviewed by dormando.
Tested, working, but experimental implementation of TLS for memcached.
Enable with ./configure --enable-tls
Requires OpenSSL 1.1.0 or better.
See `memcached -h` output for usage.
|