aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/doc
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2019-01-04 11:01:21 +0100
committerIngela Anderton Andin <[email protected]>2019-01-14 18:06:15 +0100
commitba4fb703a5c20ed26186d5ae968020819c1d8780 (patch)
treee4a1f2cf8f7a5dea8b6cfe6f2ce5b00bf8527cd2 /lib/ssl/doc
parent15183f8e798e1fe5ac613f711df491d3bf4f2db7 (diff)
downloadotp-ba4fb703a5c20ed26186d5ae968020819c1d8780.tar.gz
otp-ba4fb703a5c20ed26186d5ae968020819c1d8780.tar.bz2
otp-ba4fb703a5c20ed26186d5ae968020819c1d8780.zip
ssl: Add value 'save' to reuse_sessions and reuse_session client option
We want to be able to save a specific session to reuse, and make sure it is reusable immediatly when the connection has been established. Add client option {reuse_session, SessionID::binary()} We also do not want clients to save sessions that it did not verify. Additionaly change behaviour of the client and server to not save sessions if reuse_session is set to false.
Diffstat (limited to 'lib/ssl/doc')
-rw-r--r--lib/ssl/doc/src/ssl.xml34
1 files changed, 25 insertions, 9 deletions
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index b4aa8746f9..586452efd4 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -83,8 +83,9 @@
<p><c>| {ciphers, ciphers()}</c></p>
<p><c>| {user_lookup_fun, {fun(), term()}}, {psk_identity, string()},
{srp_identity, {string(), string()}}</c></p>
- <p><c>| {reuse_sessions, boolean()}</c></p>
- <p><c>| {reuse_session, fun()} {next_protocols_advertised, [binary()]}</c></p>
+ <p><c>| {reuse_sessions, boolean() | save()}</c></p>
+ <p><c>| {reuse_session, fun() | binary()} </c></p>
+ <p><c>| {next_protocols_advertised, [binary()]}</c></p>
<p><c>| {client_preferred_next_protocols, {client | server,
[binary()]} | {client | server, [binary()], binary()}}</c></p>
<p><c>| {log_alert, boolean()}</c></p>
@@ -575,11 +576,23 @@ fun(srp, Username :: string(), UserState :: term()) ->
<item><p>In mode <c>verify_none</c> the default behavior is to allow
all x509-path validation errors. See also option <c>verify_fun</c>.</p>
</item>
+
+ <tag><marker id="client_reuse_session"/><c>{reuse_session, binary()}</c></tag>
+ <item><p>Reuses a specific session earlier saved with the option
+ <c>{reuse_sessions, save} since ssl-9.2</c>
+ </p></item>
- <tag><c>{reuse_sessions, boolean()}</c></tag>
- <item><p>Specifies if the client is to try to reuse sessions
- when possible.</p></item>
-
+ <tag><c>{reuse_sessions, boolean() | save}</c></tag>
+ <item><p>When <c>save</c> is specified a new connection will be negotiated
+ and saved for later reuse. The session ID can be fetched with
+ <seealso marker="#connection_information">connection_information/2</seealso>
+ and used with the client option <seealso marker="#client_reuse_session">reuse_session</seealso>
+ The boolean value true specifies that if possible, automatized session reuse will
+ be performed. If a new session is created, and is unique in regard
+ to previous stored sessions, it will be saved for possible later reuse.
+ Value <c>save</c> since ssl-9.2
+ </p></item>
+
<tag><c>{cacerts, [public_key:der_encoded()]}</c></tag>
<item><p>The DER-encoded trusted certificates. If this option
is supplied it overrides option <c>cacertfile</c>.</p></item>
@@ -758,11 +771,14 @@ fun(srp, Username :: string(), UserState :: term()) ->
</item>
<tag><c>{reuse_sessions, boolean()}</c></tag>
- <item><p>Specifies if the server is to agree to reuse sessions
- when requested by the clients. See also option <c>reuse_session</c>.
+ <item><p>The boolean value true specifies that the server will
+ agree to reuse sessions. Setting it to false will result in an empty
+ session table, that is no sessions will be reused.
+ See also option <seealso marker="#server_reuse_session">reuse_session</seealso>
</p></item>
- <tag><c>{reuse_session, fun(SuggestedSessionId,
+ <tag><marker id="server_reuse_session"/>
+ <c>{reuse_session, fun(SuggestedSessionId,
PeerCert, Compression, CipherSuite) -> boolean()}</c></tag>
<item><p>Enables the TLS/DTLS server to have a local policy
for deciding if a session is to be reused or not.