netty5/handler
Norman Maurer ecd7dc3516
Enable stateless resumption for TLSv1.3 by default when using OpenSSL / BoringSSL (#10997)
Motivation:

At the moment we always set SSL_OP_NO_TICKET when building our context. The problem with this is that this also disables resumption for TLSv1.3 in BoringSSL as it only supports stateless resumption for TLSv1.3 which uses tickets.
We should better clear this option when TLSv1.3 is enabled to be able to resume sessions. This is also inline with the OpenJDK which enables this for TLSv1.3 by default as well.

Modifications:

Check for enabled protocols and if TLSv1.3 is set clear SSL_OP_NO_TICKET.

Result:

Be able to resume sessions for TLSv1.3 when using BoringSSL.
2021-02-08 20:55:02 +01:00
..
src Enable stateless resumption for TLSv1.3 by default when using OpenSSL / BoringSSL (#10997) 2021-02-08 20:55:02 +01:00
pom.xml [maven-release-plugin] prepare for next development iteration 2021-02-08 10:48:37 +00:00