Unbound 1.9.0 released - TLS session resumption support and configuration

nusenu nusenu-lists at riseup.net
Sun Mar 24 14:01:00 UTC 2019


Wouter Wijngaards via Unbound-users:
> There is also TLS session resumption support, that can be enabled with
> the tls-session-ticket-keys option.

According to a scan of a unbound DoT endpoint running 1.9.1
unbound enables TLS session resumption based on
- Session ID
and
- Session Tickets
by default, without specifying tls-session-ticket-keys.

from the man page:
>        tls-session-ticket-keys: <file>
>               If not "", [...]

unbound will not start when setting: 

tls-session-ticket-keys: ""

error: could not read tls-session-ticket-key : No such file or directory

Questions:

- What key is used to encrypt session tickets if tls-session-ticket-keys is not set?
- How can I disable TLS session resumption based on session tickets?
- What is the default timeout for session resumption based on session IDs?
- How can I configure that timeout?
- How can I disable TLS session resumption based on session IDs?

thanks,
nusenu


-- 
https://twitter.com/nusenu_
https://mastodon.social/@nusenu

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20190324/8a3e2c8d/attachment.bin>


More information about the Unbound-users mailing list