vtls_scache.h - OpenGrok history log for /curl/lib/vtls/vtls

Revision	Date	Author	Comments
# 68bd759c	02-Dec-2024	Stefan Eissing	QUIC: 0RTT for gnutls via CURLSSLOPT_EARLYDATA When a QUIC TLS session announced early data support and 'CURLSSLOPT_EARLYDATA' is set for the transfer, send initial request and body QUIC: 0RTT for gnutls via CURLSSLOPT_EARLYDATA When a QUIC TLS session announced early data support and 'CURLSSLOPT_EARLYDATA' is set for the transfer, send initial request and body (up to the 128k we buffer) as 0RTT when curl is built with ngtcp2+gnutls. QUIC 0RTT needs not only the TLS session but the QUIC transport paramters as well. Store those and the earlydata max value together with the session in the cache. Add test case for h3 use of this. Enable quic early data in nghttpx for testing. Closes #15667 show more ...
# fa0ccd9f	18-Dec-2024	Stefan Eissing	lib: TLS session ticket caching reworked Described in detail in internal doc TLS-SESSIONS.md Main points: - use a new `ssl_peer_key` for cache lookups by connection filters lib: TLS session ticket caching reworked Described in detail in internal doc TLS-SESSIONS.md Main points: - use a new `ssl_peer_key` for cache lookups by connection filters - recognize differences between TLSv1.3 and other tickets * TLSv1.3 tickets are single-use, cache can hold several of them for a peer * TLSv1.2 are reused, keep only a single one per peer - differentiate between ticket BLOB to store (that could be persisted) and object instances - use put/take/return pattern for cache access - remember TLS version, ALPN protocol, time received and lifetime of ticket - auto-expire tickets after their lifetime Closes #15774 show more ...

Revision

Date

Author

Comments

# 68bd759c

02-Dec-2024

Stefan Eissing

QUIC: 0RTT for gnutls via CURLSSLOPT_EARLYDATA

When a QUIC TLS session announced early data support and
'CURLSSLOPT_EARLYDATA' is set for the transfer, send initial request and
body

QUIC: 0RTT for gnutls via CURLSSLOPT_EARLYDATA

When a QUIC TLS session announced early data support and
'CURLSSLOPT_EARLYDATA' is set for the transfer, send initial request and
body (up to the 128k we buffer) as 0RTT when curl is built with
ngtcp2+gnutls.

QUIC 0RTT needs not only the TLS session but the QUIC transport
paramters as well. Store those and the earlydata max value together with
the session in the cache.

Add test case for h3 use of this. Enable quic early data in nghttpx for
testing.

Closes #15667

# fa0ccd9f

18-Dec-2024

Stefan Eissing

lib: TLS session ticket caching reworked

Described in detail in internal doc TLS-SESSIONS.md

Main points:
- use a new `ssl_peer_key` for cache lookups by connection filters

lib: TLS session ticket caching reworked

Described in detail in internal doc TLS-SESSIONS.md

Main points:
- use a new `ssl_peer_key` for cache lookups by connection filters
- recognize differences between TLSv1.3 and other tickets
* TLSv1.3 tickets are single-use, cache can hold several of them for a peer
* TLSv1.2 are reused, keep only a single one per peer
- differentiate between ticket BLOB to store (that could be persisted) and object instances
- use put/take/return pattern for cache access
- remember TLS version, ALPN protocol, time received and lifetime of ticket
- auto-expire tickets after their lifetime

Closes #15774