| /openssl/test/ssl-tests/ |
| H A D | 06-sni-ticket.cnf | 5 test-0 = 0-sni-session-ticket
6 test-1 = 1-sni-session-ticket
7 test-2 = 2-sni-session-ticket
8 test-3 = 3-sni-session-ticket
9 test-4 = 4-sni-session-ticket
10 test-5 = 5-sni-session-ticket
11 test-6 = 6-sni-session-ticket
24 [0-sni-session-ticket]
66 [1-sni-session-ticket]
110 [2-sni-session-ticket]
[all …]
|
| H A D | 27-ticket-appdata.cnf | 5 test-0 = 0-session-ticket-app-data12
6 test-1 = 1-session-ticket-app-data12
7 test-2 = 2-session-ticket-app-data13
8 test-3 = 3-session-ticket-app-data13
11 [0-session-ticket-app-data12]
14 [0-session-ticket-app-data12-ssl]
20 [0-session-ticket-app-data12-server]
48 [1-session-ticket-app-data12]
51 [1-session-ticket-app-data12-ssl]
80 [2-session-ticket-app-data13]
[all …]
|
| H A D | 27-ticket-appdata.cnf.in | 10 ## Test session ticket app data
20 "name" => "session-ticket-app-data12",
40 "name" => "session-ticket-app-data12",
59 "name" => "session-ticket-app-data13",
79 "name" => "session-ticket-app-data13",
|
| H A D | protocol_version.pm | 265 foreach my $ticket ("SessionTicket", "-SessionTicket") {
276 "Options" => $ticket,
281 "Options" => $ticket,
301 "Options" => $ticket,
|
| H A D | 06-sni-ticket.cnf.in | 28 my $session_id_result = "Yes"; # always, even with a ticket
30 "name" => "sni-session-ticket",
78 "name" => "sni-session-ticket",
|
| /openssl/doc/man3/ |
| H A D | SSL_CTX_set_session_ticket_cb.pod | 64 application that a session ticket has just been decrypted.
71 action, as it is called even if ticket decryption fails.
74 the key that was used to encrypt the session ticket.
82 Empty ticket present. No ticket data will be used and a new ticket should be
84 valid for a client to send an empty ticket.
88 The ticket couldn't be decrypted. No ticket data will be used and a new ticket
93 A ticket was successfully decrypted, any session ticket application data should
115 Do not use a ticket (if one was available). Do not send a renewed ticket to the
120 Do not use a ticket (if one was available). Send a renewed ticket to the client.
128 Use the ticket. Do not send a renewed ticket to the client. It is an error for
[all …]
|
| H A D | SSL_SESSION_has_ticket.pod | 7 - get details about the ticket associated with a session
24 associated with the session ticket.
26 SSL_SESSION_get0_ticket obtains a pointer to the ticket associated with a
27 session. The length of the ticket is written to B<*len>. If B<tick> is non
28 NULL then a pointer to the ticket is written to B<*tick>. The pointer is only
29 valid while the connection is in use. The session (and hence the ticket pointer)
34 SSL_SESSION_has_ticket() returns 1 if session ticket exists or 0 otherwise.
|
| H A D | SSL_CTX_set_tlsext_ticket_key_cb.pod | 7 - set a callback for session ticket processing
36 session when session ticket extension is presented in the TLS hello
41 ticket construction state according to RFC5077 Section 4 such that per session
45 In order to reuse a session, a TLS client must send the a session ticket
46 extension to the server. The client can only send exactly one session ticket.
48 ticket information or it starts a full TLS handshake to create a new session
49 ticket.
56 an attempted retrieval of the ticket failed, or a renew option was indicated,
82 If the I<name> is still valid but a renewal of the ticket is required the
84 with an argument of enc equal to 1 to set the new ticket.
[all …]
|
| H A D | SSL_CTX_set_num_tickets.pod | 47 ticket be sent when it is safe to do so. New tickets are only allowed to be
49 TLS 1.3 connections. By default, the ticket generation and transmission are
53 SSL_new_session_ticket() was called, the ticket can be sent immediately
59 SSL_new_session_ticket() indicates only that the request to send a ticket was
60 processed, not that the ticket itself was sent. To be notified when the
61 ticket itself is sent, a new-session callback can be registered with
62 L<SSL_CTX_sess_set_new_cb(3)> that will be invoked as the ticket or tickets
|
| H A D | SSL_CTX_set_timeout.pod | 45 This timeout value is used as the ticket lifetime hint for stateless session
46 tickets. It is also used as the timeout value within the ticket itself.
53 of 0 for the ticket lifetime hint.
|
| H A D | SSL_CTX_set_options.pod | 273 When using stateless session tickets the server uses a session ticket encryption
275 client as a "ticket". When the client wishes to resume it sends the encrypted
281 ids. However, OpenSSL allows two modes of ticket operation in TLSv1.3: stateful
285 in a ticket and sent back to the client. When the client wishes to resume, it
286 presents a ticket in the same way as for stateless tickets. The server can then
287 extract the session id from the ticket and retrieve the session information from
292 ticket gets sent to the client at all. In TLSv1.3 a stateful ticket will be
|
| H A D | SSL_shutdown.pod | 39 has sent a session ticket to establish a session, the client might not be able
40 to resume the session because it did not received and process the session ticket
|
| H A D | SSL_CONF_cmd.pod | 253 OpenSSL will automatically detect if a session ticket has been used more than
255 full handshake is forced if a session ticket is used a second or subsequent
459 B<SessionTicket>: session ticket support, enabled by default. Inverse of
514 B<AntiReplay>: If set then OpenSSL will automatically detect if a session ticket
516 enabled on the server. A full handshake is forced if a session ticket is used a
|
| H A D | SSL_read_early_data.pod | 91 using a ticket based PSK then this is set automatically to the value provided by
291 attempts to reuse a session ticket more than once, then the second and
300 whenever a session ticket is issued. When a client attempts to resume the
|
| /openssl/util/perl/TLSProxy/ |
| H A D | NewSessionTicket.pm | 33 $self->{ticket} = "";
44 my $ticket = substr($self->data, 6, $ticket_len);
47 $self->ticket($ticket);
58 $data .= pack('n', length($self->ticket));
59 $data .= $self->ticket;
73 sub ticket subroutine
77 $self->{ticket} = shift;
79 return $self->{ticket};
|
| /openssl/test/ |
| H A D | README.ssltest.md | 79 * SessionTicketExpected - whether or not a session ticket is expected
80 - Ignore - do not check for a session ticket (default)
81 - Yes - a session ticket is expected
82 - No - a session ticket is not expected
181 * BrokenSessionTicket - a special test case where the session ticket callback
|
| /openssl/include/openssl/ |
| H A D | ssl.h.in | 355 /* Don't use RFC4507 ticket extension */
2473 /* Support for ticket appdata */
2478 /* No ticket present */
2480 /* Empty ticket present */
2482 /* the ticket couldn't be decrypted */
2484 /* a ticket was successfully decrypted */
2486 /* same as above but the ticket needs to be renewed */
2494 /* Do not use the ticket, do not send a renewed ticket to the client */
2496 /* Do not use the ticket, send a renewed ticket to the client */
2498 /* Use the ticket, do not send a renewed ticket to the client */
[all …]
|
| /openssl/test/recipes/ |
| H A D | 70-test_sslsessiontick.t | 160 $message->ticket("");
|
| /openssl/ssl/ |
| H A D | ssl_sess.c | 148 SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket) in ssl_session_dup() argument
228 if (ticket != 0 && src->ext.tick != NULL) { in ssl_session_dup()
|
| H A D | ssl_local.h | 2467 __owur SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket);
|
| /openssl/doc/man1/ |
| H A D | openssl-s_server.pod.in | 622 Disable RFC4507bis session ticket support. This option has no effect if TLSv1.3
814 automatically detect if a session ticket has been used more than once, TLSv1.3
816 is forced if a session ticket is used a second or subsequent time. Any early
|
| H A D | openssl-s_client.pod.in | 688 Disable RFC4507bis session ticket support.
|
| /openssl/ |
| H A D | CHANGES.md | 5197 * Malformed SHA512 ticket DoS
5204 a custom server callback and ticket lookup mechanism.
5772 a double free of the ticket data.
6398 * Malformed SHA512 ticket DoS
6405 a custom server callback and ticket lookup mechanism.
6943 a double free of the ticket data.
7729 presented a ticket with an expired session.
8016 a double free of the ticket data.
9034 The SSL_CTX structure automatically generates keys for ticket
10177 The SSL_CTX structure automatically generates keys for ticket
[all …]
|
| H A D | NEWS.md | 230 * Configurable session ticket support
456 * Malformed SHA512 ticket DoS ([CVE-2016-6302])
557 * Malformed SHA512 ticket DoS ([CVE-2016-6302])
|
| /openssl/crypto/err/ |
| H A D | openssl.txt | 1386 SSL_R_INVALID_TICKET_KEYS_LENGTH:325:invalid ticket keys length
|
