Mercurial > hg > nginx

annotate auto/stubs @ 8086:496241338da5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
SSL: workaround for session timeout handling with TLSv1.3. OpenSSL with TLSv1.3 updates the session creation time on session resumption and keeps the session timeout unmodified, making it possible to maintain the session forever, bypassing client certificate expiration and revocation. To make sure session timeouts are actually used, we now update the session creation time and reduce the session timeout accordingly. BoringSSL with TLSv1.3 ignores configured session timeouts and uses a hardcoded timeout instead, 7 days. So we update session timeout to the configured value as soon as a session is created.
author Maxim Dounin <mdounin@mdounin.ru>
date Wed, 12 Oct 2022 20:14:57 +0300
parents d620f497c50f
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
455
295d97d70c69 nginx-0.1.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
1
295d97d70c69 nginx-0.1.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
2 # Copyright (C) Igor Sysoev
4412
d620f497c50f Copyright updated.
Maxim Konovalov <maxim@nginx.com>
parents: 2746
diff changeset
3 # Copyright (C) Nginx, Inc.
455
295d97d70c69 nginx-0.1.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
4
295d97d70c69 nginx-0.1.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
5
295d97d70c69 nginx-0.1.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
6 have=NGX_SUPPRESS_WARN . auto/have
295d97d70c69 nginx-0.1.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
7
295d97d70c69 nginx-0.1.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
8 have=NGX_SMP . auto/have