List:       unbound-users
Subject:    Re: Unbound 1.9.0 released - TLS session resumption support and configuration
From:       nusenu via Unbound-users <unbound-users () nlnetlabs ! nl>
Date:       2019-03-24 14:01:00
Message-ID: 378cf3d4-8415-f511-0abd-ec5cf8299a24 () riseup ! net

Wouter Wijngaards via Unbound-users:
> There is also TLS session resumption support, that can be enabled with
> the tls-session-ticket-keys option.

According to a scan of an unbound DoT endpoint running 1.9.1,
unbound enables TLS session resumption based on
- Session ID
and
- Session Tickets
by default, without specifying tls-session-ticket-keys.

from the man page:
>        tls-session-ticket-keys: <file>
>               If not "", [...]

unbound will not start when setting: 

tls-session-ticket-keys: ""

error: could not read tls-session-ticket-key : No such file or directory

Questions:

- What key is used to encrypt session tickets if tls-session-ticket-keys is not set?
- How can I disable TLS session resumption based on session tickets?
- What is the default timeout for session resumption based on session IDs?
- How can I configure that timeout?
- How can I disable TLS session resumption based on session IDs?

thanks,
nusenu


-- 
https://twitter.com/nusenu_
https://mastodon.social/@nusenu

