Provided by: libtls-dev_3.7.0-4_amd64 bug

NAME

     tls_config_set_session_fd, tls_config_set_session_id, tls_config_set_session_lifetime,
     tls_config_add_ticket_key — configure resuming of TLS handshakes

SYNOPSIS

     #include <tls.h>

     int
     tls_config_set_session_fd(struct tls_config *config, int session_fd);

     int
     tls_config_set_session_id(struct tls_config *config, const unsigned char *session_id,
         size_t len);

     int
     tls_config_set_session_lifetime(struct tls_config *config, int lifetime);

     int
     tls_config_add_ticket_key(struct tls_config *config, uint32_t keyrev, unsigned char *key,
         size_t keylen);

DESCRIPTION

     tls_config_set_session_fd() sets a file descriptor to be used to manage data for TLS
     sessions (client only).  The given file descriptor must be a regular file and be owned by
     the current user, with permissions being restricted to only allow the owner to read and
     write the file (0600).  If the file has a non-zero length, the client will attempt to read
     session data from this file and resume the previous TLS session with the server.  Upon a
     successful handshake the file will be updated with current session data, if available.  The
     caller is responsible for closing this file descriptor, after all TLS contexts that have
     been configured to use it have been freed via tls_free().

     tls_config_set_session_id() sets the session identifier that will be used by the TLS server
     when sessions are enabled (server only).  By default a random value is used.

     tls_config_set_session_lifetime() sets the lifetime to be used for TLS sessions (server
     only).  Session support is disabled if a lifetime of zero is specified, which is the
     default.

     tls_config_add_ticket_key() adds a key used for the encryption and authentication of TLS
     tickets (server only).  By default keys are generated and rotated automatically based on
     their lifetime.  This function should only be used to synchronise ticket encryption key
     across multiple processes.  Re-adding a known key will result in an error, unless it is the
     most recently added key.

RETURN VALUES

     These functions return 0 on success or -1 on error.

SEE ALSO

     tls_accept_socket(3), tls_config_set_protocols(3), tls_init(3), tls_load_file(3),
     tls_server(3)

HISTORY

     tls_config_set_session_id(), tls_config_set_session_lifetime() and
     tls_config_add_ticket_key() appeared in OpenBSD 6.1.

     tls_config_set_session_fd() appeared in OpenBSD 6.3.

AUTHORS

     Claudio Jeker <claudio@openbsd.org>
     Joel Sing <jsing@openbsd.org>