OpenBSD manual page server

NAME

tls_config_set_session_id, tls_config_set_session_lifetime, tls_config_add_ticket_key — configure resuming of TLS handshakes

SYNOPSIS

#include <tls.h>

int
tls_config_set_session_id(struct tls_config *config, const unsigned char *session_id, size_t len);

int
tls_config_set_session_lifetime(struct tls_config *config, int lifetime);

int
tls_config_add_ticket_key(struct tls_config *config, uint32_t keyrev, unsigned char *key, size_t keylen);

DESCRIPTION

tls_config_set_session_id() sets the session identifier that will be used by the TLS server when sessions are enabled. By default a random value is used.

tls_config_set_session_lifetime() sets the lifetime to be used for TLS sessions. Session support is disabled if a lifetime of zero is specified, which is the default.

tls_config_add_ticket_key() adds a key used for the encryption and authentication of TLS tickets. By default keys are generated and rotated automatically based on their lifetime. This function should only be used to synchronise ticket encryption key across multiple processes. Re-adding a known key will result in an error, unless it is the most recently added key.

RETURN VALUES

These functions return 0 on success or -1 on error.

SEE ALSO

tls_accept_socket(3), tls_config_set_protocols(3), tls_init(3), tls_load_file(3), tls_server(3)

HISTORY

These functions appeared in OpenBSD 6.1.

AUTHORS

Claudio Jeker <claudio@openbsd.org>