TLS_CONFIG_SET_SESS... FreeBSD Library Functions Manual	TLS_CONFIG_SET_SESS...

NAME
     tls_config_set_session_fd, tls_config_set_session_id,
     tls_config_set_session_lifetime, tls_config_add_ticket_key -- configure
     resuming of TLS handshakes

SYNOPSIS
     #include <tls.h>

     int
     tls_config_set_session_fd(struct tls_config *config, int session_fd);

     int
     tls_config_set_session_id(struct tls_config *config,
         const unsigned char *session_id, size_t len);

     int
     tls_config_set_session_lifetime(struct tls_config *config, int lifetime);

     int
     tls_config_add_ticket_key(struct tls_config *config, uint32_t keyrev,
         unsigned char *key, size_t keylen);

DESCRIPTION
     tls_config_set_session_fd() sets a file descriptor to be used to manage
     data for TLS sessions (client only).  The given file descriptor must be a
     regular file and be owned by the current user, with permissions being
     restricted to only allow the owner to read and write the file (0600).  If
     the file has a non-zero length, the client will attempt to read session
     data from this file and resume the previous TLS session with the server.
     Upon a successful handshake the file will be updated with current session
     data, if available.  The caller is responsible for closing this file
     descriptor, after all TLS contexts that have been configured to use it
     have been freed via tls_free().

     tls_config_set_session_id() sets the session identifier that will be used
     by the TLS server when sessions are enabled (server only).  By default a
     random value is used.

     tls_config_set_session_lifetime() sets the lifetime to be used for TLS
     sessions (server only).  Session support is disabled if a lifetime of
     zero is specified, which is the default.

     tls_config_add_ticket_key() adds a key used for the encryption and
     authentication of TLS tickets (server only).  By default keys are
     generated and rotated automatically based on their lifetime.  This
     function should only be used to synchronise ticket encryption keys across
     multiple processes.  Re-adding a known key will result in an error,
     unless it is the most recently added key.

RETURN VALUES
     These functions return 0 on success or -1 on error.
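
EXAMPLES
     The following is an added example, not part of the original manual page
     or of libtls.  The hypothetical helper open_session_file() opens a client
     session file and verifies, on the descriptor itself, the requirements
     listed in DESCRIPTION before the descriptor would be passed to
     tls_config_set_session_fd(); treating "current user" as the real user ID
     is an assumption.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L	/* for O_NOFOLLOW and O_CLOEXEC */
#endif
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>

/*
 * Hypothetical helper (not a libtls function): open or create a client
 * session file and confirm it is a regular file, owned by the current
 * user, with mode exactly 0600.  Returns the descriptor, or -1 on failure.
 */
int
open_session_file(const char *path)
{
	struct stat sb;
	int fd;

	/* 0600 applies only on creation; O_NOFOLLOW refuses a symlink. */
	fd = open(path, O_RDWR | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
	if (fd == -1)
		return -1;

	/* Check the open descriptor, not the path, so the file cannot be
	 * swapped between the check and its use. */
	if (fstat(fd, &sb) == -1)
		goto fail;
	if (!S_ISREG(sb.st_mode))	/* must be a regular file */
		goto fail;
	if (sb.st_uid != getuid())	/* assumption: real UID is "current user" */
		goto fail;
	if ((sb.st_mode & (S_IRWXU | S_IRWXG | S_IRWXO)) != (S_IRUSR | S_IWUSR))
		goto fail;		/* any bit beyond owner read/write */

	/*
	 * The caller would now pass fd to tls_config_set_session_fd() and
	 * close it only after every TLS context configured to use it has
	 * been freed via tls_free().
	 */
	return fd;
fail:
	close(fd);
	return -1;
}
```

     A return of -1 means the file should not be used for session data;
     the caller can continue without session resumption.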

SEE ALSO
     tls_accept_socket(3), tls_config_set_protocols(3), tls_init(3),
     tls_load_file(3), tls_server(3)

HISTORY
     tls_config_set_session_id(), tls_config_set_session_lifetime() and
     tls_config_add_ticket_key() appeared in OpenBSD 6.1.

     tls_config_set_session_fd() appeared in OpenBSD 6.3.

AUTHORS
     Claudio Jeker <claudio@openbsd.org>
     Joel Sing <jsing@openbsd.org>

FreeBSD 13.0                   February 10, 2018                  FreeBSD 13.0
