[tls] Support stateless session resumption

Add support for RFC5077 session ticket extensions to allow for stateless TLS session resumption. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2025-12-20 20:10:18 +03:00 · 2019-03-06 15:02:02 +00:00
parent 799781f168
commit eaba1a22b8
2 changed files with 122 additions and 19 deletions
--- a/src/include/ipxe/tls.h
+++ b/src/include/ipxe/tls.h
@@ -63,6 +63,7 @@ struct tls_header {
 #define TLS_HELLO_REQUEST 0
 #define TLS_CLIENT_HELLO 1
 #define TLS_SERVER_HELLO 2
+#define TLS_NEW_SESSION_TICKET 4
 #define TLS_CERTIFICATE 11
 #define TLS_SERVER_KEY_EXCHANGE 12
 #define TLS_CERTIFICATE_REQUEST 13
@@ -108,6 +109,9 @@ struct tls_header {
 /* TLS signature algorithms extension */
 #define TLS_SIGNATURE_ALGORITHMS 13

+/* TLS session ticket extension */
+#define TLS_SESSION_TICKET 35
+
 /* TLS renegotiation information extension */
 #define TLS_RENEGOTIATION_INFO 0xff01

@@ -255,6 +259,10 @@ struct tls_session {
 	uint8_t id[32];
 	/** Length of session ID */
 	size_t id_len;
+	/** Session ticket */
+	void *ticket;
+	/** Length of session ticket */
+	size_t ticket_len;
 	/** Master secret */
 	uint8_t master_secret[48];

@@ -275,6 +283,10 @@ struct tls_connection {
 	uint8_t session_id[32];
 	/** Length of session ID */
 	size_t session_id_len;
+	/** New session ticket */
+	void *new_session_ticket;
+	/** Length of new session ticket */
+	size_t new_session_ticket_len;

 	/** Plaintext stream */
 	struct interface plainstream;