TLS_CONFIG_SET_SESSION_ID(3)  Library Functions Manual  TLS_CONFIG_SET_SESSION_ID(3)

NAME
       tls_config_set_session_fd, tls_config_set_session_id,
       tls_config_set_session_lifetime, tls_config_add_ticket_key -- configure
       resuming of TLS handshakes

SYNOPSIS
       #include <tls.h>

       int
       tls_config_set_session_fd(struct tls_config *config, int session_fd);

       int
       tls_config_set_session_id(struct tls_config *config,
           const unsigned char *session_id, size_t len);

       int
       tls_config_set_session_lifetime(struct tls_config *config,
           int lifetime);

       int
       tls_config_add_ticket_key(struct tls_config *config, uint32_t keyrev,
           unsigned char *key, size_t keylen);

DESCRIPTION
       tls_config_set_session_fd() sets a file descriptor to be used to manage
       data for TLS sessions (client only).  The given file descriptor must be
       a regular file and be owned by the current user, with permissions being
       restricted to only allow the owner to read and write the file (0600).
       If the file has a non-zero length, the client will attempt to read
       session data from this file and resume the previous TLS session with
       the server.  Upon a successful handshake the file will be updated with
       current session data, if available.  The caller is responsible for
       closing this file descriptor, after all TLS contexts that have been
       configured to use it have been freed via tls_free().
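
       The following is an added example, not part of the original manual
       page or of libtls: it opens a session file and checks the three
       documented conditions (regular file, owned by the current user, mode
       0600) before the descriptor is handed to tls_config_set_session_fd().
       The helper names, the use of getuid() for "current user", and the
       O_NOFOLLOW/O_CLOEXEC flags are assumptions of this example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Check the conditions DESCRIPTION gives for a session file descriptor.
 * Returns 0 if they all hold, -1 otherwise.
 * Assumption: "current user" is taken to be the real uid (getuid()).
 */
int
session_fd_ok(int fd)
{
	struct stat sb;

	if (fstat(fd, &sb) == -1)
		return -1;
	if (!S_ISREG(sb.st_mode))	/* must be a regular file */
		return -1;
	if (sb.st_uid != getuid())	/* must be owned by the current user */
		return -1;
	/* exactly 0600: owner read/write, nothing for group or other */
	if ((sb.st_mode & (S_IRWXU | S_IRWXG | S_IRWXO)) != (S_IRUSR | S_IWUSR))
		return -1;
	return 0;
}

/*
 * Open (creating if needed) a session file and verify it.
 * Returns the descriptor, or -1 if it cannot be opened or fails a check.
 * O_NOFOLLOW (added hardening) refuses a symlink planted at the path.
 */
int
open_session_file(const char *path)
{
	int fd;

	fd = open(path, O_RDWR | O_CREAT | O_NOFOLLOW | O_CLOEXEC,
	    S_IRUSR | S_IWUSR);
	if (fd == -1)
		return -1;
	if (session_fd_ok(fd) == -1) {
		close(fd);
		return -1;
	}
	/* Next: tls_config_set_session_fd(config, fd); close(fd) only after
	 * every context configured with it has been freed via tls_free(). */
	return fd;
}
```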

       tls_config_set_session_id() sets the session identifier that will be
       used by the TLS server when sessions are enabled (server only).  By
       default a random value is used.

       tls_config_set_session_lifetime() sets the lifetime to be used for TLS
       sessions (server only).  Session support is disabled if a lifetime of
       zero is specified, which is the default.

       tls_config_add_ticket_key() adds a key used for the encryption and
       authentication of TLS tickets (server only).  By default keys are
       generated and rotated automatically based on their lifetime.  This
       function should only be used to synchronise ticket encryption keys
       across multiple processes.  Re-adding a known key will result in an
       error, unless it is the most recently added key.

RETURN VALUES
       These functions return 0 on success or -1 on error.

SEE ALSO
       tls_accept_socket(3), tls_config_set_protocols(3), tls_init(3),
       tls_load_file(3), tls_server(3)

HISTORY
       tls_config_set_session_id(), tls_config_set_session_lifetime() and
       tls_config_add_ticket_key() appeared in OpenBSD 6.1.

       tls_config_set_session_fd() appeared in OpenBSD 6.3.

AUTHORS
       Claudio Jeker <claudio@openbsd.org>
       Joel Sing <jsing@openbsd.org>

FreeBSD Ports 14.quarterly     February 10, 2018  TLS_CONFIG_SET_SESSION_ID(3)