| Commit | Line | Data |
|---|---|---|
| 81a6c781 | 1 | |
| f1c236f8 | 2 | OpenSSL CHANGES |
| 651d0aff RE | 3 | _______________ |
| | 4 | |
| 7b3a9b00 | 5 | Changes between 1.0.1 and 1.1.0 [xx XXX xxxx] |
| aaf35f11 | 6 | |
| 7c2d4fee BM | 7 | *) Improve forward-security support: add functions |
| | 8 | |
| | 9 | void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, int (*cb)(SSL *ssl, int is_forward_secure)) |
| | 10 | void SSL_set_not_resumable_session_callback(SSL *ssl, int (*cb)(SSL *ssl, int is_forward_secure)) |
| | 11 | |
| | 12 | for use by SSL/TLS servers; the callback function will be called whenever a |
| | 13 | new session is created, and gets to decide whether the session may be |
| | 14 | cached to make it resumable (return 0) or not (return 1). (As by the |
| | 15 | SSL/TLS protocol specifications, the session_id sent by the server will be |
| | 16 | empty to indicate that the session is not resumable; also, the server will |
| | 17 | not generate RFC 4507 (RFC 5077) session tickets.) |
| | 18 | |
| | 19 | A simple reasonable callback implementation is to return is_forward_secure. |
| | 20 | This parameter will be set to 1 or 0 depending on the ciphersuite selected |
| | 21 | by the SSL/TLS server library, indicating whether it can provide forward |
| | 22 | security. |
| | 23 | |
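
The callback policy suggested in the entry above, as an added example that is not code from the OpenSSL sources or from this changelog. Note the inverted sense of the return value: 1 means the session is not cached and gets no ticket. The counters, the helper names and the `WITH_OPENSSL` build macro are assumptions of this example.

```c
/* Added example (not OpenSSL project code).
 * Build against OpenSSL 1.1.0 or later with:
 *   cc -DWITH_OPENSSL example.c -lssl -lcrypto
 * Without WITH_OPENSSL only the callback logic is compiled. */
#include <stdatomic.h>
#include <stddef.h>
#ifdef WITH_OPENSSL
#include <openssl/ssl.h>
#else
typedef struct ssl_st SSL;          /* opaque stand-in for the OpenSSL type */
#endif

/* Hypothetical counters so an operator can see what the policy decided. */
static atomic_ulong fs_not_cached;  /* forward-secure, made non-resumable */
static atomic_ulong non_fs_cached;  /* not forward-secure, left resumable */

/* Called by the server library for every new session.
 * Return 1: session must NOT be cached (empty session_id, no ticket).
 * Return 0: session may be cached and resumed.
 * Forward-secure sessions are kept out of the cache because cached
 * session state and ticket keys outlive the handshake that made them. */
static int not_resumable_cb(SSL *ssl, int is_forward_secure)
{
    (void)ssl;                      /* the decision needs only the flag */
    if (is_forward_secure) {
        atomic_fetch_add(&fs_not_cached, 1);
        return 1;
    }
    atomic_fetch_add(&non_fs_cached, 1);
    return 0;
}

static unsigned long count_not_cached(void) { return atomic_load(&fs_not_cached); }
static unsigned long count_cached(void)     { return atomic_load(&non_fs_cached); }

#ifdef WITH_OPENSSL
/* Install the policy on a server context before accepting connections. */
static void install_resumption_policy(SSL_CTX *ctx)
{
    SSL_CTX_set_not_resumable_session_callback(ctx, not_resumable_cb);
}
#endif
```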