Comments (7)
I figured it out!
Turns out, you need to update the Botan::TLS::Policy class to enable this feature!
#include <botan/tls_policy.h>

// Client policy that lets the session manager hand out the same ticket more than once.
struct tls_policy final : public Botan::TLS::Policy
{
   bool reuse_session_tickets() const override
   {
      return true;
   }

   ~tls_policy() override;
};

tls_policy::~tls_policy() = default;

This is all a user has to do, and then et voila, I now see that all my TLS resumptions are happening as I'd expect.
Alright, sounds good to me then!
I'll think about how to add this to a public API in a way that won't immediately make users groan.
btw, as always, thanks for the help, @reneme
I really appreciate it.
This library is fantastic, and I appreciate the guidance in learning how to use it effectively.
Hi! Actually, repeated resumption should also work without allowing session ticket reuse. In fact, reusing session tickets might not work for every TLS server as they are often meant for single-use.
By default, a Botan-based TLS 1.3 server will issue exactly one session ticket per successful handshake. It does that after a full handshake as well as after a resumed handshake. Your Botan-based TLS client will hold the session ticket in the Session_Manager_In_Memory and (by default) discard it after a single use.
If I understand correctly, your test performs one initial handshake and, after that succeeded, many more in parallel. Due to the default behavior described above, the parallel connection attempts will only find a single resumption ticket and hence only one of them will resume.
Instead of enabling reuse_session_tickets in the client policy, you should consider increasing the number in new_session_tickets_upon_handshake_success in the server's policy. By default this is set to "1". Be warned, though, that this shouldn't be set too high. The tickets issued by default are currently quite large and require extra computation on the server.
Interesting. Why increase the amount of usable session tickets vs just enable their reuse?
FWIW: it's a recommendation of the RFC: https://datatracker.ietf.org/doc/html/rfc8446#appendix-C.4
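The behaviour described in the two answers above (one single-use ticket per handshake, so only one of several parallel connection attempts can resume; issuing more tickets server-side as RFC 8446 C.4 recommends; and the caveat that client-side ticket reuse fails against a server that enforces single use) is easy to reason about with a small model. The following is an added example written for this page, not Botan's code and not code posted in the thread; it uses only the C++ standard library, and every class and function name in it (ClientTicketStore, TicketServer, run_parallel_resumption) is hypothetical. It does not touch the wire protocol; it only models the ticket bookkeeping on both sides.

```cpp
// Added example, not Botan code: a model of TLS 1.3 session-ticket bookkeeping
// under parallel resumption. All names are hypothetical.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <optional>
#include <set>
#include <vector>

// What the client keeps per NewSessionTicket. In TLS 1.3 each ticket carries its
// own ticket_nonce, so several tickets from one connection derive distinct PSKs.
struct Ticket {
    uint64_t id;     // stands in for the opaque ticket blob
    uint32_t nonce;  // ticket_nonce, unique per ticket within one connection
};

// Client-side store modelled on a single-use in-memory session manager:
// take() removes the ticket unless the (client) policy allows reuse.
class ClientTicketStore {
public:
    explicit ClientTicketStore(bool allow_reuse) : m_allow_reuse(allow_reuse) {}
    void store(const Ticket& t) { m_tickets.push_back(t); }
    std::optional<Ticket> take() {
        if (m_tickets.empty()) return std::nullopt;
        Ticket t = m_tickets.back();
        if (!m_allow_reuse) m_tickets.pop_back();
        return t;
    }
    size_t size() const { return m_tickets.size(); }
private:
    bool m_allow_reuse;
    std::vector<Ticket> m_tickets;
};

// Server that issues `tickets_per_handshake` tickets after every successful
// handshake, full or resumed. With single_use=true a ticket presented a second
// time is refused (many real servers do this for anti-replay), and the
// connection falls back to a full handshake.
class TicketServer {
public:
    TicketServer(size_t tickets_per_handshake, bool single_use)
        : m_per_handshake(tickets_per_handshake), m_single_use(single_use) {}

    // Returns true if the connection resumed. Fresh tickets are issued either way.
    bool handshake(const std::optional<Ticket>& offered, ClientTicketStore& client) {
        bool resumed = false;
        if (offered) {
            bool seen_before = !m_redeemed.insert(offered->id).second;
            resumed = !(m_single_use && seen_before);
        }
        for (size_t nonce = 0; nonce < m_per_handshake; ++nonce)
            client.store(Ticket{m_next_id++, static_cast<uint32_t>(nonce)});
        return resumed;
    }
private:
    size_t m_per_handshake;
    bool m_single_use;
    uint64_t m_next_id = 1;
    std::set<uint64_t> m_redeemed;  // ids already redeemed once
};

struct Outcome { size_t resumed; size_t tickets_left; };

// One initial full handshake, then `parallel` connection attempts that all pick
// a ticket before any of them completes: the race from the issue. Phase 1 / phase 2
// ordering stands in for real concurrency, so no threads are needed.
Outcome run_parallel_resumption(size_t tickets_per_handshake, size_t parallel,
                                bool client_reuse, bool server_single_use) {
    TicketServer server(tickets_per_handshake, server_single_use);
    ClientTicketStore client(client_reuse);
    server.handshake(std::nullopt, client);  // initial full handshake, tickets issued

    std::vector<std::optional<Ticket>> offers;  // phase 1: everyone grabs a ticket
    for (size_t i = 0; i < parallel; ++i) offers.push_back(client.take());

    size_t resumed = 0;                         // phase 2: handshakes complete
    for (const auto& o : offers)
        if (server.handshake(o, client)) ++resumed;
    return {resumed, client.size()};
}

int main() {
    struct Case { const char* label; size_t tpf; bool reuse; bool single_use; };
    const Case cases[] = {
        {"1 ticket/handshake, single-use server (defaults)", 1, false, true},
        {"8 tickets/handshake, single-use server",           8, false, true},
        {"1 ticket, client reuse, server tolerates reuse",   1, true,  false},
        {"1 ticket, client reuse, single-use server",        1, true,  true},
    };
    for (const Case& c : cases) {
        Outcome o = run_parallel_resumption(c.tpf, 8, c.reuse, c.single_use);
        std::printf("%-50s resumed %zu/8, tickets left %zu\n",
                    c.label, o.resumed, o.tickets_left);
    }
    return 0;
}
```

With the defaults modelled here (one ticket, single use on both sides) exactly one of eight parallel attempts resumes; raising the per-handshake count to eight lets all of them resume. Turning on client-side reuse also gives eight resumptions, but only if the server tolerates a replayed ticket; against a server that enforces single use it is back to one, which is the caveat raised above. The model also makes the cost visible: after the parallel round the client holds parallel × tickets_per_handshake tickets, each of which the server had to build and the client must store, so the count should cover the expected number of concurrent connections and no more.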
Note that TLS 1.3 allows sending session tickets at any time after the handshake is complete. See the API in TLS::Server: botan/src/lib/tls/tls_server.h, lines 86 to 87 in 5649a10.
You could simply provide a wrapper for this, instead of (or additionally to) some more complicated configuration construction.