Branch: Tag:

2016-07-17

2016-07-17 07:54:42 by Henrik Grubbström (Grubba) <grubba@grubba.org>

CHANGES [SSL]: Added note about session tickets.

48:    [X] SSL 3.2/TLS 1.1 RFC 4346    [/] Extensions for TLS 1.1 RFC 4366    [X] ECC Ciphers for TLS 1.1 RFC 4492 -  [ ] Session Resumption RFC 4507 +  [X] Session Resumption RFC 4507    [ ] TLS Handshake Message RFC 4680    [ ] User Mapping Extension RFC 4681    [X] PSK with NULL for TLS 1.1 RFC 4785    [ ] SRP with TLS 1.1 RFC 5054 -  [ ] Session Resumption RFC 5077 +  [X] Session Resumption RFC 5077    [ ] OpenPGP Authentication RFC 5081    [X] Authenticated Encryption RFC 5116   
234:    however been mentioned on the IETF TLS mailing list that there    are security issues with truncated HMAC, so this is only    lacking for completeness. +  +  Ticket-based session resumption is supported on both client- +  and server-side. To avoid security pitfalls, the server-side +  is however by default not state-less. Making it state-less +  can be done by overriding SSL.Context::encode_session() and +  SSL.Context::decode_session() with a suitable encoding.