[prev in list] [next in list] [prev in thread] [next in thread]
List: unbound-users
Subject: Re: Unbound 1.9.0 released - TLS session resumption support and configuration
From: nusenu via Unbound-users <unbound-users () nlnetlabs ! nl>
Date: 2019-03-24 14:01:00
Message-ID: 378cf3d4-8415-f511-0abd-ec5cf8299a24 () riseup ! net
[Download RAW message or body]
[Attachment #2 (multipart/mixed)]
Wouter Wijngaards via Unbound-users:
> There is also TLS session resumption support, that can be enabled with
> the tls-session-ticket-keys option.
According to a scan of a unbound DoT endpoint running 1.9.1
unbound enables TLS session resumption based on
- Session ID
and
- Session Tickets
by default, without specifying tls-session-ticket-keys.
from the man page:
> tls-session-ticket-keys: <file>
> If not "", [...]
unbound will not start when setting:
tls-session-ticket-keys: ""
error: could not read tls-session-ticket-key : No such file or directory
Questions:
- What key is used to encrypt session tickets if tls-session-ticket-keys is not set?
- How can I disable TLS session resumption based on session tickets?
- What is the default timeout for session resumption based on session IDs?
- How can I configure that timeout?
- How can I disable TLS session resumption based on session IDs?
thanks,
nusenu
--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic