TLS Session Resumption
----------------------
-TLS Session Resumption for TLS 1.2 and TLS1.3 connections can be used (defined
+TLS Session Resumption for TLS 1.2 and TLS 1.3 connections can be used (defined
in RFC 5077 for 1.2). The support for this can be included by building with
-EXPERIMENTAL_TLS_RESUME defined.
+EXPERIMENTAL_TLS_RESUME defined. This requires GnuTLS 3.6.3 or OpenSSL 1.1.1
+(or later).
Session resumption (this is the "stateless" variant) involves the server sending
a "session ticket" to the client on one connection, which can be stored by the
# endif
#endif
+#ifdef EXPERIMENTAL_TLS_RESUME
+# if GNUTLS_VERSION_NUMBER < 0x030603
+# error GNUTLS version too early for session-resumption
+# endif
+#endif
+
#ifndef DISABLE_OCSP
# include <gnutls/ocsp.h>
#endif
Keep both calls as the session data cannot be extracted before handshake
completes. */
-#ifdef GNUTLS_SFLAGS_SESSION_TICKET
if (gnutls_session_get_flags(session) & GNUTLS_SFLAGS_SESSION_TICKET)
{
gnutls_datum_t tkt;
else DEBUG(D_tls)
debug_printf("extract session data: %s\n", US gnutls_strerror(rc));
}
-#endif
}
# define DISABLE_OCSP
#endif
+#ifdef EXPERIMENTAL_TLS_RESUME
+# if OPENSSL_VERSION_NUMBER < 0x0101010L
+# error OpenSSL version too old for session-resumption
+# endif
+#endif
+
#ifdef EXIM_HAVE_OPENSSL_CHECKHOST
# include <openssl/x509v3.h>
#endif
git://git.exim.org / exim.git / commitdiff