diff options
author | Peter Hartmann <phartmann@blackberry.com> | 2013-04-30 14:48:22 +0200 |
---|---|---|
committer | The Qt Project <gerrit-noreply@qt-project.org> | 2013-05-10 09:15:55 +0200 |
commit | 3be197881f100d1c3c8f3ce00501d7a32eb51119 (patch) | |
tree | f37ff774e4182560f45f9a2c85efe25bf43cce3f /src/network/ssl/qssl.cpp | |
parent | 2116f9904afca7b3942433269b66a9756d5876bc (diff) |
QSslConfiguration: add API to persist and resume SSL sessions
Session tickets can be cached on the client side for hours (e.g.
graph.facebook.com: ~ 24 hours, api.twitter.com: 4 hours), because the
server does not need to maintain state.
We need public API for it so an application can cache the session (e.g.
to disk) and resume a session already with the 1st handshake, saving
one network round trip.
Task-number: QTBUG-20668
Change-Id: I10255932dcd528ee1231538cb72b52b97f9f4a3c
Reviewed-by: Richard J. Moore <rich@kde.org>
Diffstat (limited to 'src/network/ssl/qssl.cpp')
-rw-r--r-- | src/network/ssl/qssl.cpp | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/network/ssl/qssl.cpp b/src/network/ssl/qssl.cpp index d5f5de10a2..ec771e1f49 100644 --- a/src/network/ssl/qssl.cpp +++ b/src/network/ssl/qssl.cpp @@ -163,12 +163,18 @@ QT_BEGIN_NAMESPACE possibility that an attacker could inject plaintext into the SSL session. \value SslOptionDisableSessionSharing Disables SSL session sharing via the session ID handshake attribute. + \value SslOptionDisableSessionPersistence Disables storing the SSL session + in ASN.1 format as returned by QSslConfiguration::session(). Enabling + this feature adds memory overhead of approximately 1K per used session + ticket. By default, SslOptionDisableEmptyFragments is turned on since this causes problems with a large number of servers. SslOptionDisableLegacyRenegotiation is also turned on, since it introduces a security risk. SslOptionDisableCompression is turned on to prevent the attack publicised by - CRIME. The other options are turned off. + CRIME. + SslOptionDisableSessionPersistence is turned on to optimize memory usage. + The other options are turned off. Note: Availability of above options depends on the version of the SSL backend in use. |