author | Grigorii Demidov <grigorii.demidov@nic.cz> | 2018-07-09 14:42:51 +0200 |
---|---|---|
committer | Petr Špaček <petr.spacek@nic.cz> | 2018-07-23 16:15:48 +0200 |
commit | a909f8b6689c032d6e23ff72da760f4c20ebcba7 (patch) | |
tree | 99f58306719104a53cb7e57ffb738b1575bd2dfb /daemon/tls.h | |
parent | Merge branch 'update-rpm-spec' into 'master' (diff) | |
daemon/tls: properly process TLS rehandshake
Diffstat (limited to 'daemon/tls.h')
-rw-r--r-- | daemon/tls.h | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/daemon/tls.h b/daemon/tls.h
index 724463ec..c5c01c78 100644
--- a/daemon/tls.h
+++ b/daemon/tls.h
@@ -26,6 +26,22 @@
 #define MAX_TLS_PADDING KR_EDNS_PAYLOAD
 #define TLS_MAX_UNCORK_RETRIES 100
 
+/* rfc 5476, 7.3 - handshake Protocol overview
+ * https://tools.ietf.org/html/rfc5246#page-33
+ * Message flow for a full handshake (only mandatory messages)
+ * ClientHello -------->
+ ServerHello
+ <-------- ServerHelloDone
+ ClientKeyExchange
+ Finished -------->
+ <-------- Finished
+ *
+ * See also https://blog.cloudflare.com/keyless-ssl-the-nitty-gritty-technical-details/
+ * So it takes 2 RTT.
+ * As we use session tickets, there are additional messages, add one RTT mode.
+ */
+ #define TLS_MAX_HANDSHAKE_TIME (KR_CONN_RTT_MAX * 3)
+
 struct tls_ctx_t;
 struct tls_client_ctx_t;
 struct tls_credentials {
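Review bot: The new comment cites "rfc 5476, 7.3" while its link and the message flow it draws are from RFC 5246 (TLS 1.2), section 7.3; the first line should read `/* RFC 5246, 7.3 - Handshake Protocol overview`, and "add one RTT mode" on the last prose line presumably means "add one RTT more". The added `#define TLS_MAX_HANDSHAKE_TIME` line carries a leading space that the neighbouring defines do not, which is worth dropping for consistency. Since this macro is the upper bound on how long a (re)handshake may run before the daemon gives up on the peer, the comment would also help a reader by naming the unit KR_CONN_RTT_MAX is expressed in and what tls.c does when the budget is exceeded; neither is visible from this hunk, so that text should be confirmed against the consumer of the macro.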