[tls] Support stateful session resumption
Record the session ID (if any) provided by the server and attempt to
reuse it for any concurrent connections to the same server.

If multiple connections are initiated concurrently (e.g. when using
PeerDist) then defer sending the ClientHello for all but the first
connection, to allow time for the first connection to potentially
obtain a session ID (and thereby speed up the negotiation for all
remaining connections).

Signed-off-by: Michael Brown <mcb30@ipxe.org>
mcb30 committed Feb 21, 2019
1 parent 64b4452 commit 272fe32
Showing 2 changed files with 220 additions and 10 deletions.
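--- a/src/include/ipxe/tls.h
+++ b/src/include/ipxe/tls.h
@@ -242,13 +242,40 @@ struct md5_sha1_digest {
 /** MD5+SHA1 digest size */
 #define MD5_SHA1_DIGEST_SIZE sizeof ( struct md5_sha1_digest )
 
-/** A TLS connection */
-struct tls_connection {
+/** A TLS session */
+struct tls_session {
+/** Reference counter */
+struct refcnt refcnt;
+/** List of sessions */
+struct list_head list;
+
+/** Server name */
+const char *name;
+/** Session ID */
+uint8_t id[32];
+/** Length of session ID */
+size_t id_len;
+/** Master secret */
+uint8_t master_secret[48];
+
+/** List of connections */
+struct list_head conn;
+};
+
+/** A TLS connection */
+struct tls_connection {
+/** Reference counter */
+struct refcnt refcnt;
+
+/** Session */
+struct tls_session *session;
+/** List of connections within the same session */
+struct list_head list;
 /** Session ID */
 uint8_t session_id[32];
 /** Length of session ID */
 size_t session_id_len;
 
 /** Plaintext stream */
 struct interface plainstream;
 /** Ciphertext stream */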
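Review bot: The new `struct tls_session` keeps `master_secret[48]` in a reference-counted, list-linked object, but the header says nothing about this key material having to be wiped when the last reference is dropped; the free routine lives in tls.c, outside this hunk, so it should be checked there and the field documented, e.g. `/** Master secret (key material: clear before the session is freed) */`. The ownership of `name` is likewise unstated: a `const char *` held by an object that is meant to outlive individual connections would dangle if it merely borrows a connection's string, so the comment should say whether the session owns a copy, e.g. `/** Server name (owned copy, freed with the session) */` if that is the intent. Finally, `id`/`id_len` on the session and the retained `session_id`/`session_id_len` on the connection now coexist, and a one-line comment on `session_id` explaining how it relates to `session->id` (presumably the ID offered or accepted during this handshake, to be confirmed against tls.c) would spare readers a trip through the implementation.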
