pike.git / lib / modules / SSL.pmod / Notes.txt

pike.git/lib/modules/SSL.pmod/Notes.txt:41:    [ ] LZS Compression for TLS RFC 3943    [X] Camellia Cipher for TLS RFC 4132    [ ] SEED Cipher for TLS 1.0 RFC 4162    [X] Pre-Shared Keys for TLS RFC 4279      The TLS 1.1 Protocol is specified in the following RFCs:       [X] SSL 3.2/TLS 1.1 RFC 4346    [/] Extensions for TLS 1.1 RFC 4366    [X] ECC Ciphers for TLS 1.1 RFC 4492 -  [ ] Session Resumption RFC 4507 +  [X] Session Resumption RFC 4507    [ ] TLS Handshake Message RFC 4680    [ ] User Mapping Extension RFC 4681    [X] PSK with NULL for TLS 1.1 RFC 4785    [ ] SRP with TLS 1.1 RFC 5054 -  [ ] Session Resumption RFC 5077 +  [X] Session Resumption RFC 5077    [ ] OpenPGP Authentication RFC 5081    [X] Authenticated Encryption RFC 5116      The DTLS 1.0 Protocol is specified in the following RFCs:       [ ] DTLS 1.0 RFC 4347    [ ] DTLS over DCCP RFC 5238      The TLS 1.2 Protocol is specified in the following RFCs:   
pike.git/lib/modules/SSL.pmod/Notes.txt:227:       It should be possible to lazy load certificates to increase    startup time and reduce memory usage for servers with many    sites. Dynamic loading and unloaded could be part of the same    mechanism as the Context selection mentioned above.       Truncated HMAC is only supported on the server side. It has    however been mentioned on the IETF TLS mailing list that there    are security issues with truncated HMAC, so this is only    lacking for completeness. +  +  Ticket-based session resumption is supported on both client- +  and server-side. To avoid security pitfalls, the server-side +  is however by default not state-less. Making it state-less +  can be done by overriding SSL.Context::encode_session() and +  SSL.Context::decode_session() with a suitable encoding.
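
Review bot: in the Notes.txt:41 hunk, the two lines flipped to [X] carry the identical label "Session Resumption" for RFC 4507 and RFC 5077, which reads as two independently implemented features. RFC 5077 obsoletes RFC 4507 and corrects the encoding of the SessionTicket extension, so the list should say which wire format is implemented and mark the RFC 4507 entry as obsoleted rather than separately supported. Using the RFC title ("Session Resumption without Server-Side State") on both lines would also distinguish ticket-based resumption from session-ID resumption.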
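
Review bot: in the Notes.txt:227 hunk, "with a suitable encoding" leaves the security requirement on the SSL.Context::encode_session() and SSL.Context::decode_session() overrides unstated, and "security pitfalls" is never explained. A stateless ticket carries the session's secret state to the client, so the note should say that the encoding has to encrypt and integrity-protect the ticket under a key known only to the server, with key rotation and a bounded ticket lifetime, in line with RFC 5077's recommended ticket construction. Without that guidance an override that merely serializes the session would satisfy the text as written. Minor wording: "client- and server-side" and "state-less" would read better as "client and server side" and "stateless".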