SSL_CTX_set_tlsext_ticket_key_cb.pod - OpenGrok cross reference for /openssl/doc/man3/SSL_CTX_set_tlsext_ticket_key

Lines Matching refs:a
7 - set a callback for session ticket processing
19 hidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable version value,
29 SSL_CTX_set_tlsext_ticket_key_evp_cb() sets a callback function I<cb> for handling
40 The OpenSSL library uses your callback function to help implement a common TLS
42 state is unnecessary and a small set of cryptographic variables needs to be
45 In order to reuse a session, a TLS client must send the session ticket
48 ticket information or it starts a full TLS handshake to create a new session
55 For new sessions tickets, when the client doesn't present a session ticket, or
56 an attempted retrieval of the ticket failed, or a renew option was indicated,
61 The I<name> is 16 characters long and is used as a key identifier.
66 The initialization vector I<iv> should be a random value. The cipher context
72 When the client presents a session ticket, the callback function with be called
73 with I<enc> set to 0 indicating that the I<cb> function should retrieve a set
76 to retrieve a cryptographic parameters and that the cryptographic context
78 I<iv>. using a function like L<EVP_DecryptInit_ex(3)>. The key material and
82 If the I<name> is still valid but a renewal of the ticket is required the
95 ticket is in a renewal period and should be replaced. The OpenSSL library will
106 This indicates that it was not possible to set/retrieve a session ticket and
107 the SSL/TLS session will continue by negotiating a set of cryptographic
111 a new set of parameters.
120 SSL_CTX_set_tlsext_ticket_key_evp_cb() except that it takes a deprecated
131 and all other negotiated state information encrypted within the ticket. In a
133 exactly as if a full negotiation had occurred.
135 If an attacker can obtain the key used to encrypt a session ticket, they can
138 a result applications may wish to use multiple keys and avoid using long term
141 Applications can use longer keys to maintain a consistent level of security.
142 For example if a cipher suite uses 256 bit ciphers but only a 128 bit ticket key
173                                  * createkey needs to initialise a name,
174                                  * an aes_key, a hmac_key and optionally
217               * return 2 - This session will get a new ticket even though the
247 this file except in compliance with the License.  You can obtain a copy