Unbound 1.9.0 released - TLS session resumption support and configuration
nusenu
nusenu-lists at riseup.net
Sun Mar 24 14:01:00 UTC 2019
Wouter Wijngaards via Unbound-users:
> There is also TLS session resumption support, that can be enabled with
> the tls-session-ticket-keys option.
According to a scan of an unbound DoT endpoint running 1.9.1,
unbound enables TLS session resumption based on
- Session ID
and
- Session Tickets
by default, without specifying tls-session-ticket-keys.
From the man page:
> tls-session-ticket-keys: <file>
> If not "", [...]
unbound will not start when setting:
tls-session-ticket-keys: ""
error: could not read tls-session-ticket-key : No such file or directory
Questions:
- What key is used to encrypt session tickets if tls-session-ticket-keys is not set?
- How can I disable TLS session resumption based on session tickets?
- What is the default timeout for session resumption based on session IDs?
- How can I configure that timeout?
- How can I disable TLS session resumption based on session IDs?
thanks,
nusenu
--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu