QSslConfiguration: add API to persist and resume SSL sessions

Session tickets can be cached on the client side for hours (e.g.
graph.facebook.com: ~ 24 hours, api.twitter.com: 4 hours), because the
server does not need to maintain state.
We need public API for it so an application can cache the session (e.g.
to disk) and resume a session already with the 1st handshake, saving
one network round trip.

Task-number: QTBUG-20668
Change-Id: I10255932dcd528ee1231538cb72b52b97f9f4a3c
Reviewed-by: Richard J. Moore <rich@kde.org>

1 files changed, 7 insertions, 1 deletions

diff --git a/src/network/ssl/qssl.cpp b/src/network/ssl/qssl.cpp
index d5f5de10a2..ec771e1f49 100644
--- a/src/network/ssl/qssl.cpp
+++ b/src/network/ssl/qssl.cpp
@@ -163,12 +163,18 @@ QT_BEGIN_NAMESPACE
     possibility that an attacker could inject plaintext into the SSL session.
     \value SslOptionDisableSessionSharing Disables SSL session sharing via
     the session ID handshake attribute.
+    \value SslOptionDisableSessionPersistence Disables storing the SSL session
+    in ASN.1 format as returned by QSslConfiguration::session(). Enabling
+    this feature adds memory overhead of approximately 1K per used session
+    ticket.
 
     By default, SslOptionDisableEmptyFragments is turned on since this causes
     problems with a large number of servers. SslOptionDisableLegacyRenegotiation
     is also turned on, since it introduces a security risk.
     SslOptionDisableCompression is turned on to prevent the attack publicised by
-    CRIME. The other options are turned off.
+    CRIME.
+    SslOptionDisableSessionPersistence is turned on to optimize memory usage.
+    The other options are turned off.
 
     Note: Availability of above options depends on the version of the SSL
     backend in use.