| /openssl/test/ssl-tests/ |
| H A D | 06-sni-ticket.cnf | 5 test-0 = 0-sni-session-ticket
6 test-1 = 1-sni-session-ticket
7 test-2 = 2-sni-session-ticket
8 test-3 = 3-sni-session-ticket
9 test-4 = 4-sni-session-ticket
10 test-5 = 5-sni-session-ticket
11 test-6 = 6-sni-session-ticket
24 [0-sni-session-ticket]
66 [1-sni-session-ticket]
110 [2-sni-session-ticket]
[all …]
|
| H A D | 27-ticket-appdata.cnf | 5 test-0 = 0-session-ticket-app-data12
6 test-1 = 1-session-ticket-app-data12
7 test-2 = 2-session-ticket-app-data13
8 test-3 = 3-session-ticket-app-data13
11 [0-session-ticket-app-data12]
14 [0-session-ticket-app-data12-ssl]
20 [0-session-ticket-app-data12-server]
48 [1-session-ticket-app-data12]
51 [1-session-ticket-app-data12-ssl]
80 [2-session-ticket-app-data13]
[all …]
|
| H A D | 27-ticket-appdata.cnf.in | 10 ## Test session ticket app data
20 "name" => "session-ticket-app-data12",
40 "name" => "session-ticket-app-data12",
59 "name" => "session-ticket-app-data13",
79 "name" => "session-ticket-app-data13",
|
| H A D | protocol_version.pm | 265 foreach my $ticket ("SessionTicket", "-SessionTicket") {
276 "Options" => $ticket,
281 "Options" => $ticket,
301 "Options" => $ticket,
|
| H A D | 06-sni-ticket.cnf.in | 28 my $session_id_result = "Yes"; # always, even with a ticket
30 "name" => "sni-session-ticket",
78 "name" => "sni-session-ticket",
|
| /openssl/doc/man3/ |
| H A D | SSL_CTX_set_session_ticket_cb.pod | 64 application that a session ticket has just been decrypted.
71 action, as it is called even if ticket decryption fails.
74 the key that was used to encrypt the session ticket.
82 Empty ticket present. No ticket data will be used and a new ticket should be
84 valid for a client to send an empty ticket.
88 The ticket couldn't be decrypted. No ticket data will be used and a new ticket
93 A ticket was successfully decrypted, any session ticket application data should
115 Do not use a ticket (if one was available). Do not send a renewed ticket to the
120 Do not use a ticket (if one was available). Send a renewed ticket to the client.
128 Use the ticket. Do not send a renewed ticket to the client. It is an error for
[all …]
|
| H A D | SSL_SESSION_has_ticket.pod | 7 - get details about the ticket associated with a session
24 associated with the session ticket.
26 SSL_SESSION_get0_ticket obtains a pointer to the ticket associated with a
27 session. The length of the ticket is written to B<*len>. If B<tick> is non
28 NULL then a pointer to the ticket is written to B<*tick>. The pointer is only
29 valid while the connection is in use. The session (and hence the ticket pointer)
34 SSL_SESSION_has_ticket() returns 1 if session ticket exists or 0 otherwise.
|
| H A D | SSL_CTX_set_tlsext_ticket_key_cb.pod | 7 - set a callback for session ticket processing
36 session when session ticket extension is presented in the TLS hello
41 ticket construction state according to RFC5077 Section 4 such that per session
45 In order to reuse a session, a TLS client must send the session ticket
46 extension to the server. The client must send exactly one session ticket.
48 ticket information or it starts a full TLS handshake to create a new session
49 ticket.
56 an attempted retrieval of the ticket failed, or a renew option was indicated,
82 If the I<name> is still valid but a renewal of the ticket is required the
84 with an argument of enc equal to 1 to set the new ticket.
[all …]
|
| H A D | SSL_CTX_set_num_tickets.pod | 47 ticket be sent when it is safe to do so. New tickets are only allowed to be
49 TLS 1.3 connections. By default, the ticket generation and transmission are
53 SSL_new_session_ticket() was called, the ticket can be sent immediately
59 SSL_new_session_ticket() indicates only that the request to send a ticket was
60 processed, not that the ticket itself was sent. To be notified when the
61 ticket itself is sent, a new-session callback can be registered with
62 L<SSL_CTX_sess_set_new_cb(3)> that will be invoked as the ticket or tickets
|
| H A D | SSL_CTX_set_timeout.pod | 45 This timeout value is used as the ticket lifetime hint for stateless session
46 tickets. It is also used as the timeout value within the ticket itself.
53 of 0 for the ticket lifetime hint.
|
| H A D | SSL_CTX_set_options.pod | 318 When using stateless session tickets the server uses a session ticket encryption
320 client as a "ticket". When the client wishes to resume it sends the encrypted
326 ids. However, OpenSSL allows two modes of ticket operation in TLSv1.3: stateful
330 in a ticket and sent back to the client. When the client wishes to resume, it
331 presents a ticket in the same way as for stateless tickets. The server can then
332 extract the session id from the ticket and retrieve the session information from
337 ticket gets sent to the client at all. In TLSv1.3 a stateful ticket will be
|
| H A D | SSL_read_early_data.pod | 91 using a ticket based PSK then this is set automatically to the value provided by
296 attempts to reuse a session ticket more than once, then the second and
305 whenever a session ticket is issued. When a client attempts to resume the
|
| H A D | SSL_CONF_cmd.pod | 292 OpenSSL will automatically detect if a session ticket has been used more than
294 full handshake is forced if a session ticket is used a second or subsequent
507 B<SessionTicket>: session ticket support, enabled by default. Inverse of
567 B<AntiReplay>: If set then OpenSSL will automatically detect if a session ticket
569 enabled on the server. A full handshake is forced if a session ticket is used a
|
| H A D | SSL_shutdown.pod | 215 will ensure there is an opportunity for SSL/TLS session ticket messages to be
|
| /openssl/util/perl/TLSProxy/ |
| H A D | NewSessionTicket.pm | 89 $self->{ticket} = "";
100 my $ticket = substr($self->data, 6, $ticket_len);
103 $self->ticket($ticket);
114 $data .= pack('n', length($self->ticket));
115 $data .= $self->ticket;
129 sub ticket subroutine
133 $self->{ticket} = shift;
135 return $self->{ticket};
|
| /openssl/test/ |
| H A D | README.ssltest.md | 79 * SessionTicketExpected - whether or not a session ticket is expected
80 - Ignore - do not check for a session ticket (default)
81 - Yes - a session ticket is expected
82 - No - a session ticket is not expected
181 * BrokenSessionTicket - a special test case where the session ticket callback
|
| /openssl/test/recipes/ |
| H A D | 70-test_sslsessiontick.t | 160 $message->ticket("");
|
| /openssl/ssl/ |
| H A D | ssl_sess.c | 135 static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket) in ssl_session_dup_intern() argument
231 if (ticket != 0 && src->ext.tick != NULL) { in ssl_session_dup_intern()
280 SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket) in ssl_session_dup() argument
282 SSL_SESSION *sess = ssl_session_dup_intern(src, ticket); in ssl_session_dup()
|
| H A D | ssl_local.h | 2504 __owur SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket);
|
| /openssl/include/openssl/ |
| H A D | ssl.h.in | 357 /* Don't use RFC4507 ticket extension */
2738 /* Support for ticket appdata */
2743 /* No ticket present */
2745 /* Empty ticket present */
2747 /* the ticket couldn't be decrypted */
2749 /* a ticket was successfully decrypted */
2751 /* same as above but the ticket needs to be renewed */
2759 /* Do not use the ticket, do not send a renewed ticket to the client */
2761 /* Do not use the ticket, send a renewed ticket to the client */
2763 /* Use the ticket, do not send a renewed ticket to the client */
[all …]
|
| /openssl/doc/man1/ |
| H A D | openssl-s_server.pod.in | 644 Disable RFC4507bis session ticket support. This option has no effect if TLSv1.3
848 automatically detect if a session ticket has been used more than once, TLSv1.3
850 is forced if a session ticket is used a second or subsequent time. Any early
|
| H A D | openssl-s_client.pod.in | 725 Disable RFC4507bis session ticket support.
|
| /openssl/ |
| H A D | CHANGES.md | 1642 ticket
6739 * Malformed SHA512 ticket DoS
6746 a custom server callback and ticket lookup mechanism.
7314 a double free of the ticket data.
7940 * Malformed SHA512 ticket DoS
7947 a custom server callback and ticket lookup mechanism.
8485 a double free of the ticket data.
9271 presented a ticket with an expired session.
9558 a double free of the ticket data.
10576 The SSL_CTX structure automatically generates keys for ticket
[all …]
|
| H A D | NEWS.md | 666 * Configurable session ticket support
892 * Malformed SHA512 ticket DoS ([CVE-2016-6302])
993 * Malformed SHA512 ticket DoS ([CVE-2016-6302])
|
| /openssl/doc/designs/quic-design/ |
| H A D | quic-api-ssl-funcs.md | 927 TODO: new_session_ticket doesn't need modifying as such, but ticket machinery
|
