.\" $OpenBSD: tls_config_set_session_id.3,v 1.5 2018/02/10 06:07:43 jsing Exp $
.\"
.\" Copyright (c) 2017 Claudio Jeker <claudio@openbsd.org>
.\" Copyright (c) 2018 Joel Sing <jsing@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: February 10 2018 $
.Dt TLS_CONFIG_SET_SESSION_ID 3
.Os
.Sh NAME
.Nm tls_config_set_session_fd ,
.Nm tls_config_set_session_id ,
.Nm tls_config_set_session_lifetime ,
.Nm tls_config_add_ticket_key
.Nd configure resuming of TLS handshakes
.Sh SYNOPSIS
.In tls.h
.Ft int
.Fo tls_config_set_session_fd
.Fa "struct tls_config *config"
.Fa "int session_fd"
.Fc
.Ft int
.Fo tls_config_set_session_id
.Fa "struct tls_config *config"
.Fa "const unsigned char *session_id"
.Fa "size_t len"
.Fc
.Ft int
.Fo tls_config_set_session_lifetime
.Fa "struct tls_config *config"
.Fa "int lifetime"
.Fc
.Ft int
.Fo tls_config_add_ticket_key
.Fa "struct tls_config *config"
.Fa "uint32_t keyrev"
.Fa "unsigned char *key"
.Fa "size_t keylen"
.Fc
.Sh DESCRIPTION
.Fn tls_config_set_session_fd
sets a file descriptor to be used to manage data for TLS sessions (client only).
The given file descriptor must be a regular file and be owned by the current
user, with permissions being restricted to only allow the owner to read and
write the file (0600).
If the file has a non-zero length, the client will attempt to read session
data from this file and resume the previous TLS session with the server.
Upon a successful handshake the file will be updated with current session
data, if available.
The caller is responsible for closing this file descriptor, after all TLS
contexts that have been configured to use it have been freed via
.Fn tls_free .
.Pp
.Fn tls_config_set_session_id
sets the session identifier that will be used by the TLS server when
sessions are enabled (server only).
By default a random value is used.
.Pp
.Fn tls_config_set_session_lifetime
sets the lifetime to be used for TLS sessions (server only).
Session support is disabled if a lifetime of zero is specified, which is the
default.
.Pp
.Fn tls_config_add_ticket_key
adds a key used for the encryption and authentication of TLS tickets
(server only).
By default keys are generated and rotated automatically based on their lifetime.
This function should only be used to synchronise ticket encryption keys across
multiple processes.
Re-adding a known key will result in an error, unless it is the most recently
added key.
.Sh RETURN VALUES
These functions return 0 on success or -1 on error.
.Sh SEE ALSO
.Xr tls_accept_socket 3 ,
.Xr tls_config_set_protocols 3 ,
.Xr tls_init 3 ,
.Xr tls_load_file 3 ,
.Xr tls_server 3
.Sh HISTORY
.Fn tls_config_set_session_id ,
.Fn tls_config_set_session_lifetime
and
.Fn tls_config_add_ticket_key
appeared in
.Ox 6.1 .
.Pp
.Fn tls_config_set_session_fd
appeared in
.Ox 6.3 .
.Sh AUTHORS
.An Claudio Jeker Aq Mt claudio@openbsd.org
.An Joel Sing Aq Mt jsing@openbsd.org