author | Fedor Indutny <fedor.indutny@gmail.com> | 2014-02-04 01:32:13 +0400 |
---|---|---|
committer | Fedor Indutny <fedor.indutny@gmail.com> | 2014-02-05 23:28:34 +0400 |
commit | 528a3ce3ed0df7aaafb02877495c94caa1d77355 (patch) | |
tree | 8098183102d69c301b2fc5804949e453e6791fe9 /doc/api/tls.markdown | |
parent | 5ce458032f33ad19a56c5b9c8c28bde245eb93b7 (diff) | |
download | node-new-528a3ce3ed0df7aaafb02877495c94caa1d77355.tar.gz |
tls: more session configuration options, methods
Introduce `ticketKeys` server option, `session` client option,
`getSession()` and `getTLSTicket()` methods.
fix #7032
Diffstat (limited to 'doc/api/tls.markdown')
-rw-r--r-- | doc/api/tls.markdown | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/doc/api/tls.markdown b/doc/api/tls.markdown index cf7a87fa2a..2a4c312b50 100644 --- a/doc/api/tls.markdown +++ b/doc/api/tls.markdown @@ -205,6 +205,12 @@ automatically set as a listener for the [secureConnection][] event. The session identifiers and TLS session tickets created by the server are timed out. See [SSL_CTX_set_timeout] for more details. + - `ticketKeys`: A 48-byte `Buffer` instance consisting of 16-byte prefix, + 16-byte hmac key, 16-byte AES key. You could use it to accept tls session + tickets on multiple instances of tls server. + + NOTE: Automatically shared between `cluster` module workers. + - `sessionIdContext`: A string containing a opaque identifier for session resumption. If `requestCert` is `true`, the default is MD5 hash value generated from command-line. Otherwise, the default is not provided. @@ -314,6 +320,8 @@ Creates a new client connection to the given `port` and `host` (old API) or SSL version 3. The possible values depend on your installation of OpenSSL and are defined in the constant [SSL_METHODS][]. + - `session`: A `Buffer` instance, containing TLS session. + The `callback` parameter will be added as a listener for the ['secureConnect'][] event. @@ -398,6 +406,8 @@ Construct a new TLSSocket object from existing TCP socket. - `SNICallback`: Optional, see [tls.createServer][] + - `session`: Optional, a `Buffer` instance, containing TLS session + ## tls.createSecurePair([credentials], [isServer], [requestCert], [rejectUnauthorized]) Stability: 0 - Deprecated. Use tls.TLSSocket instead. 
@@ -646,6 +656,18 @@ and their processing can be delayed due to packet loss or reordering. However, smaller fragments add extra TLS framing bytes and CPU overhead, which may decrease overall server throughput. +### tlsSocket.getSession() + +Return ASN.1 encoded TLS session or `undefined` if none was negotiated. Could +be used to speed up handshake establishment when reconnecting to the server. + +### tlsSocket.getTLSTicket() + +NOTE: Works only with client TLS sockets. Useful only for debugging, for +session reuse provide `session` option to `tls.connect`. + +Return TLS session ticket or `undefined` if none was negotiated. + ### tlsSocket.address() Returns the bound address, the address family name and port of the |
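Review bot: The `ticketKeys` entry in the @@ -205 hunk documents the layout (16-byte prefix, 16-byte hmac key, 16-byte AES key) but not that the buffer is secret key material. Anyone holding it can decrypt tickets issued under it, so the text should say to generate it from a cryptographically secure random source, keep it out of logs and source control, and rotate it. The entry also leaves out what the server does when the option is omitted or the buffer is not 48 bytes, and the NOTE does not say whether it is the supplied value or the default keys that are shared between `cluster` workers. Minor: write "HMAC" and "TLS" in capitals, as the surrounding context lines do.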
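Review bot: The `session` entry added to `tls.connect` in the @@ -314 hunk does not say where the `Buffer` comes from or what passing it achieves. Suggest pointing at `tlsSocket.getSession()`, which this patch documents further down, and stating what happens when the server declines to resume the session, for example whether the connection falls back to a full handshake.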
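Review bot: In the @@ -398 hunk the `session` entry for the `TLSSocket` constructor is marked "Optional" while the same option under `tls.connect` is not, and it lacks the trailing period the other entry has. Make the two descriptions consistent, and say whether the option is honoured only for client-side sockets.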
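Review bot: `tlsSocket.getSession()` in the @@ -646 hunk does not state its return type (the `session` option takes a `Buffer`, so say so here) and gives no caution that the encoded session carries the session's secret state and should be stored as carefully as a key. For `tlsSocket.getTLSTicket()`, the NOTE comes before the sentence that says what the method returns; put "Return TLS session ticket or `undefined` if none was negotiated." first. Both entries use "Return" where the neighbouring `tlsSocket.address()` entry uses "Returns".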