diff options
author | Ingela Anderton Andin <[email protected]> | 2019-01-04 11:01:21 +0100 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2019-01-14 18:06:15 +0100 |
commit | ba4fb703a5c20ed26186d5ae968020819c1d8780 (patch) | |
tree | e4a1f2cf8f7a5dea8b6cfe6f2ce5b00bf8527cd2 /lib/ssl/doc | |
parent | 15183f8e798e1fe5ac613f711df491d3bf4f2db7 (diff) | |
download | otp-ba4fb703a5c20ed26186d5ae968020819c1d8780.tar.gz otp-ba4fb703a5c20ed26186d5ae968020819c1d8780.tar.bz2 otp-ba4fb703a5c20ed26186d5ae968020819c1d8780.zip |
ssl: Add value 'save' to reuse_sessions and reuse_session client option
We want to be able to save a specific session to reuse, and make sure
it is reusable immediatly when the connection has been established.
Add client option {reuse_session, SessionID::binary()}
We also do not want clients to save sessions that it did not verify.
Additionaly change behaviour of the client and server to not save sessions
if reuse_session is set to false.
Diffstat (limited to 'lib/ssl/doc')
-rw-r--r-- | lib/ssl/doc/src/ssl.xml | 34 |
1 files changed, 25 insertions, 9 deletions
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml index b4aa8746f9..586452efd4 100644 --- a/lib/ssl/doc/src/ssl.xml +++ b/lib/ssl/doc/src/ssl.xml @@ -83,8 +83,9 @@ <p><c>| {ciphers, ciphers()}</c></p> <p><c>| {user_lookup_fun, {fun(), term()}}, {psk_identity, string()}, {srp_identity, {string(), string()}}</c></p> - <p><c>| {reuse_sessions, boolean()}</c></p> - <p><c>| {reuse_session, fun()} {next_protocols_advertised, [binary()]}</c></p> + <p><c>| {reuse_sessions, boolean() | save()}</c></p> + <p><c>| {reuse_session, fun() | binary()} </c></p> + <p><c>| {next_protocols_advertised, [binary()]}</c></p> <p><c>| {client_preferred_next_protocols, {client | server, [binary()]} | {client | server, [binary()], binary()}}</c></p> <p><c>| {log_alert, boolean()}</c></p> @@ -575,11 +576,23 @@ fun(srp, Username :: string(), UserState :: term()) -> <item><p>In mode <c>verify_none</c> the default behavior is to allow all x509-path validation errors. See also option <c>verify_fun</c>.</p> </item> + + <tag><marker id="client_reuse_session"/><c>{reuse_session, binary()}</c></tag> + <item><p>Reuses a specific session earlier saved with the option + <c>{reuse_sessions, save} since ssl-9.2</c> + </p></item> - <tag><c>{reuse_sessions, boolean()}</c></tag> - <item><p>Specifies if the client is to try to reuse sessions - when possible.</p></item> - + <tag><c>{reuse_sessions, boolean() | save}</c></tag> + <item><p>When <c>save</c> is specified a new connection will be negotiated + and saved for later reuse. The session ID can be fetched with + <seealso marker="#connection_information">connection_information/2</seealso> + and used with the client option <seealso marker="#client_reuse_session">reuse_session</seealso> + The boolean value true specifies that if possible, automatized session reuse will + be performed. If a new session is created, and is unique in regard + to previous stored sessions, it will be saved for possible later reuse. + Value <c>save</c> since ssl-9.2 + </p></item> + <tag><c>{cacerts, [public_key:der_encoded()]}</c></tag> <item><p>The DER-encoded trusted certificates. If this option is supplied it overrides option <c>cacertfile</c>.</p></item> @@ -758,11 +771,14 @@ fun(srp, Username :: string(), UserState :: term()) -> </item> <tag><c>{reuse_sessions, boolean()}</c></tag> - <item><p>Specifies if the server is to agree to reuse sessions - when requested by the clients. See also option <c>reuse_session</c>. + <item><p>The boolean value true specifies that the server will + agree to reuse sessions. Setting it to false will result in an empty + session table, that is no sessions will be reused. + See also option <seealso marker="#server_reuse_session">reuse_session</seealso> </p></item> - <tag><c>{reuse_session, fun(SuggestedSessionId, + <tag><marker id="server_reuse_session"/> + <c>{reuse_session, fun(SuggestedSessionId, PeerCert, Compression, CipherSuite) -> boolean()}</c></tag> <item><p>Enables the TLS/DTLS server to have a local policy for deciding if a session is to be reused or not. |