/openssl/test/ssl-tests/ |
H A D | 06-sni-ticket.cnf | 5 test-0 = 0-sni-session-ticket 6 test-1 = 1-sni-session-ticket 7 test-2 = 2-sni-session-ticket 8 test-3 = 3-sni-session-ticket 9 test-4 = 4-sni-session-ticket 10 test-5 = 5-sni-session-ticket 11 test-6 = 6-sni-session-ticket 24 [0-sni-session-ticket] 66 [1-sni-session-ticket] 110 [2-sni-session-ticket] [all …]
|
H A D | 27-ticket-appdata.cnf | 5 test-0 = 0-session-ticket-app-data12 6 test-1 = 1-session-ticket-app-data12 7 test-2 = 2-session-ticket-app-data13 8 test-3 = 3-session-ticket-app-data13 11 [0-session-ticket-app-data12] 14 [0-session-ticket-app-data12-ssl] 20 [0-session-ticket-app-data12-server] 48 [1-session-ticket-app-data12] 51 [1-session-ticket-app-data12-ssl] 80 [2-session-ticket-app-data13] [all …]
|
H A D | 27-ticket-appdata.cnf.in | 10 ## Test session ticket app data 20 "name" => "session-ticket-app-data12", 40 "name" => "session-ticket-app-data12", 59 "name" => "session-ticket-app-data13", 79 "name" => "session-ticket-app-data13",
|
H A D | protocol_version.pm | 265 foreach my $ticket ("SessionTicket", "-SessionTicket") { 276 "Options" => $ticket, 281 "Options" => $ticket, 301 "Options" => $ticket,
|
H A D | 06-sni-ticket.cnf.in | 28 my $session_id_result = "Yes"; # always, even with a ticket 30 "name" => "sni-session-ticket", 78 "name" => "sni-session-ticket",
|
/openssl/doc/man3/ |
H A D | SSL_CTX_set_session_ticket_cb.pod | 64 application that a session ticket has just been decrypted. 71 action, as it is called even if ticket decryption fails. 74 the key that was used to encrypt the session ticket. 82 Empty ticket present. No ticket data will be used and a new ticket should be 84 valid for a client to send an empty ticket. 88 The ticket couldn't be decrypted. No ticket data will be used and a new ticket 93 A ticket was successfully decrypted, any session ticket application data should 115 Do not use a ticket (if one was available). Do not send a renewed ticket to the 120 Do not use a ticket (if one was available). Send a renewed ticket to the client. 128 Use the ticket. Do not send a renewed ticket to the client. It is an error for [all …]
|
H A D | SSL_SESSION_has_ticket.pod | 7 - get details about the ticket associated with a session 24 associated with the session ticket. 26 SSL_SESSION_get0_ticket obtains a pointer to the ticket associated with a 27 session. The length of the ticket is written to B<*len>. If B<tick> is non 28 NULL then a pointer to the ticket is written to B<*tick>. The pointer is only 29 valid while the connection is in use. The session (and hence the ticket pointer) 34 SSL_SESSION_has_ticket() returns 1 if session ticket exists or 0 otherwise.
|
H A D | SSL_CTX_set_tlsext_ticket_key_cb.pod | 7 - set a callback for session ticket processing 36 session when session ticket extension is presented in the TLS hello 41 ticket construction state according to RFC5077 Section 4 such that per session 45 In order to reuse a session, a TLS client must send the session ticket 46 extension to the server. The client must send exactly one session ticket. 48 ticket information or it starts a full TLS handshake to create a new session 49 ticket. 56 an attempted retrieval of the ticket failed, or a renew option was indicated, 82 If the I<name> is still valid but a renewal of the ticket is required the 84 with an argument of enc equal to 1 to set the new ticket. [all …]
|
H A D | SSL_CTX_set_num_tickets.pod | 47 ticket be sent when it is safe to do so. New tickets are only allowed to be 49 TLS 1.3 connections. By default, the ticket generation and transmission are 53 SSL_new_session_ticket() was called, the ticket can be sent immediately 59 SSL_new_session_ticket() indicates only that the request to send a ticket was 60 processed, not that the ticket itself was sent. To be notified when the 61 ticket itself is sent, a new-session callback can be registered with 62 L<SSL_CTX_sess_set_new_cb(3)> that will be invoked as the ticket or tickets
|
H A D | SSL_CTX_set_timeout.pod | 45 This timeout value is used as the ticket lifetime hint for stateless session 46 tickets. It is also used as the timeout value within the ticket itself. 53 of 0 for the ticket lifetime hint.
|
H A D | SSL_CTX_set_options.pod | 318 When using stateless session tickets the server uses a session ticket encryption 320 client as a "ticket". When the client wishes to resume it sends the encrypted 326 ids. However, OpenSSL allows two modes of ticket operation in TLSv1.3: stateful 330 in a ticket and sent back to the client. When the client wishes to resume, it 331 presents a ticket in the same way as for stateless tickets. The server can then 332 extract the session id from the ticket and retrieve the session information from 337 ticket gets sent to the client at all. In TLSv1.3 a stateful ticket will be
|
H A D | SSL_read_early_data.pod | 91 using a ticket based PSK then this is set automatically to the value provided by 296 attempts to reuse a session ticket more than once, then the second and 305 whenever a session ticket is issued. When a client attempts to resume the
|
H A D | SSL_CONF_cmd.pod | 292 OpenSSL will automatically detect if a session ticket has been used more than 294 full handshake is forced if a session ticket is used a second or subsequent 507 B<SessionTicket>: session ticket support, enabled by default. Inverse of 567 B<AntiReplay>: If set then OpenSSL will automatically detect if a session ticket 569 enabled on the server. A full handshake is forced if a session ticket is used a
|
H A D | SSL_shutdown.pod | 215 will ensure there is an opportunity for SSL/TLS session ticket messages to be
|
/openssl/util/perl/TLSProxy/ |
H A D | NewSessionTicket.pm | 89 $self->{ticket} = ""; 100 my $ticket = substr($self->data, 6, $ticket_len); 103 $self->ticket($ticket); 114 $data .= pack('n', length($self->ticket)); 115 $data .= $self->ticket; 129 sub ticket subroutine 133 $self->{ticket} = shift; 135 return $self->{ticket};
|
/openssl/test/ |
H A D | README.ssltest.md | 79 * SessionTicketExpected - whether or not a session ticket is expected 80 - Ignore - do not check for a session ticket (default) 81 - Yes - a session ticket is expected 82 - No - a session ticket is not expected 181 * BrokenSessionTicket - a special test case where the session ticket callback
|
/openssl/test/recipes/ |
H A D | 70-test_sslsessiontick.t | 160 $message->ticket("");
|
/openssl/ssl/ |
H A D | ssl_sess.c | 135 static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket) in ssl_session_dup_intern() argument 231 if (ticket != 0 && src->ext.tick != NULL) { in ssl_session_dup_intern() 280 SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket) in ssl_session_dup() argument 282 SSL_SESSION *sess = ssl_session_dup_intern(src, ticket); in ssl_session_dup()
|
H A D | ssl_local.h | 2504 __owur SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket);
|
/openssl/include/openssl/ |
H A D | ssl.h.in | 357 /* Don't use RFC4507 ticket extension */ 2738 /* Support for ticket appdata */ 2743 /* No ticket present */ 2745 /* Empty ticket present */ 2747 /* the ticket couldn't be decrypted */ 2749 /* a ticket was successfully decrypted */ 2751 /* same as above but the ticket needs to be renewed */ 2759 /* Do not use the ticket, do not send a renewed ticket to the client */ 2761 /* Do not use the ticket, send a renewed ticket to the client */ 2763 /* Use the ticket, do not send a renewed ticket to the client */ [all …]
|
/openssl/doc/man1/ |
H A D | openssl-s_server.pod.in | 644 Disable RFC4507bis session ticket support. This option has no effect if TLSv1.3 848 automatically detect if a session ticket has been used more than once, TLSv1.3 850 is forced if a session ticket is used a second or subsequent time. Any early
|
H A D | openssl-s_client.pod.in | 725 Disable RFC4507bis session ticket support.
|
/openssl/ |
H A D | CHANGES.md | 1648 ticket 6745 * Malformed SHA512 ticket DoS 6752 a custom server callback and ticket lookup mechanism. 7320 a double free of the ticket data. 7946 * Malformed SHA512 ticket DoS 7953 a custom server callback and ticket lookup mechanism. 8491 a double free of the ticket data. 9277 presented a ticket with an expired session. 9564 a double free of the ticket data. 10582 The SSL_CTX structure automatically generates keys for ticket [all …]
|
H A D | NEWS.md | 666 * Configurable session ticket support 892 * Malformed SHA512 ticket DoS ([CVE-2016-6302]) 993 * Malformed SHA512 ticket DoS ([CVE-2016-6302])
|
/openssl/doc/designs/quic-design/ |
H A D | quic-api-ssl-funcs.md | 927 TODO: new_session_ticket doesn't need modifying as such, but ticket machinery
|