[gnutls-devel] GnuTLS | add support for 0-RTT (!775)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Nov 2 16:31:47 CET 2018


Nikos Mavrogiannopoulos started a new discussion on doc/cha-gtls-app.texi:

> + at funcref{gnutls_anti_replay_set_window}.
> +
> +The anti-replay mechanism shall be globally initialized with
> + at funcref{gnutls_anti_replay_init}, and then attached to a session using
> + at funcref{gnutls_anti_replay_enable}.  It can be deinitialized with
> + at funcref{gnutls_anti_replay_deinit}.
> +
> +By default, the mechanism stores the ClientHello messages on the process
> +memory.  For a long-running server or distributed servers, you can set
> +back-end functions with @funcref{gnutls_db_set_check_function} and
> + at funcref{gnutls_db_set_store_function} (see @ref{Session resumption}).
> +
> +Although those back-end functions can be the same as the one used for
> +TLS 1.2 session resumption, there are a couple of things to note.
> +Firstly, as the anti-replay mechanism doesn't use values associate with
> +the keys, the store function takes the same data as key and value.
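
Review bot: In the paragraph starting "+By default, the mechanism stores the ClientHello messages", the text offers back-end functions for distributed servers but never says that the back end must be a single store shared by every server that can receive the same ClientHello. With per-process memory, a ClientHello recorded by one server is invisible to the others, so the documentation should state that requirement explicitly. Two wording points in the last paragraph: "values associate with the keys" should read "values associated with the keys", and "the same as the one used" should be "the same as those used" to agree with "functions".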

I needed to read the sentence multiple times. Maybe using "database keys" would make it more clear. However, what is said here is also an internal detail. We may not want to really commit to what we write to that db.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/775#note_114129494