[gnutls-devel] GnuTLS | resumption: keep persistent session identifiers (!721)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Tue Aug 7 06:47:11 CEST 2018
Nikos Mavrogiannopoulos commented on a discussion on lib/session.c:
> - * resumed. That is because resumed sessions share the same session ID
> - * with the original session.
> - *
> - * The session ID is selected by the server, that identify the
> - * current session. In all supported TLS protocols, the session id
> - * is less than %GNUTLS_MAX_SESSION_ID_SIZE.
> - *
> - * The TLS session ID cannot be relied for uniquely identifying sessions.
> - * It should not be used by new applications, nor be assumed
> - * that it will remain the same on resumption. The session ID changes
> - * even on resumed sessions under session tickets, and has no defined meaning
> - * under TLS 1.3.
> + * Returns the TLS session identifier. The session ID is selected by the
> + * server, and in older versions of TLS was a unique identifier shared
> + * between client and server which was persistent across resumption.
> + * In the latest version of TLS (1.3) or TLS 1.2 with session tickets, the
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/721#note_92859120
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnutls-devel