Skip to content

tls session should not use resumption with session tickets

Noel Power requested to merge samba-team/devel/samba:npower-alt-tls-new-session-ticket into master

This is an alternative fix for !2202 (closed) The advantage is it's pretty simple but I am unsure if this is the proper thing to do :/ (e.g. disabling the session tickets) Also here we are possibly changing the behaviour of clients using tls_stream, so perhaps this should have some configuration associated with it. But then there is the question of do we just control the NO_TICKETS flag passed to gnutls_init of do we cater for other flags I'd like some advice about this (or maybe we should go with some variation of !2202 (closed))

Checklist

  • Commits have Signed-off-by: with name/author being identical to the commit author
  • (optional) This MR is just one part towards a larger feature.
  • (optional, if backport required) Bugzilla bug filed and BUG: tag added
  • Test suite updated with functionality tests
  • Test suite updated with negative tests
  • Documentation updated
  • CI timeout is 3h or higher (see Settings/CICD/General pipelines/ Timeout)

Reviewer's checklist:

  • There is a test suite reasonably covering new functionality or modifications
  • Function naming, parameters, return values, types, etc., are consistent and according to README.Coding.md
  • This feature/change has adequate documentation added
  • No obvious mistakes in the code

Merge request reports