)]}' { "commit": "17b30833737b32ecab1f12c105e1b5cae6d49458", "tree": "7e11401bbd5e8ae869badb7c32496bd92b09a8a6", "parents": [ "0b1bb12ce806e69a99ff48e01dd7d1069ca0b173" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Sat Jan 28 14:00:32 2017 -0500" }, "committer": { "name": "Adam Langley", "email": "agl@google.com", "time": "Thu Feb 02 19:51:49 2017 +0000" }, "message": "Use a separate timeout scheme for TLS 1.3.\n\nIn TLS 1.2, resumption\u0027s benefits are more-or-less subsumed by False\nStart. TLS 1.2 resumption lifetime is bounded by how much traffic we are\nwilling to encrypt without fresh key material, so the lifetime is short.\nRenewal uses the same key, so we do not allow it to increase lifetimes.\n\nIn TLS 1.3, resumption unlocks 0-RTT. We do not implement psk_ke, so\nresumption incorporates fresh key material into both encrypted traffic\n(except for early data) and renewed tickets. Thus we are both more\nwilling to and more interested in longer lifetimes for tickets. Renewal\nis also not useless. Thus in TLS 1.3, lifetime is bound separately by\nthe lifetime of a given secret as a psk_dhe_ke authenticator and the\nlifetime of the online signature which authenticated the initial\nhandshake.\n\nThis change maintains two lifetimes on an SSL_SESSION: timeout which is\nthe renewable lifetime of this ticket, and auth_timeout which is the\nnon-renewable cliff. It also separates the TLS 1.2 and TLS 1.3 timeouts.\nThe old session timeout defaults and configuration apply to TLS 1.3, and\nwe define new ones for TLS 1.3.\n\nFinally, this makes us honor the NewSessionTicket timeout in TLS 1.3.\nIt\u0027s no longer a \"hint\" in 1.3 and there\u0027s probably value in avoiding\nknown-useless 0-RTT offers.\n\nBUG\u003d120\n\nChange-Id: Iac46d56e5a6a377d8b88b8fa31f492d534cb1b85\nReviewed-on: https://boringssl-review.googlesource.com/13503\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "01433d523901604e8c236574926207826a27f381", "old_mode": 33188, "old_path": "include/openssl/ssl.h", "new_id": "326a82b0f1476a9de997a749449f09b75f77d79d", "new_mode": 33188, "new_path": "include/openssl/ssl.h" }, { "type": "modify", "old_id": "351c1b8923eabbfd42a4c9a4876abc2aec316112", "old_mode": 33188, "old_path": "ssl/handshake_client.c", "new_id": "23a4cffcb12b4397af33db83582d21d31568eef1", "new_mode": 33188, "new_path": "ssl/handshake_client.c" }, { "type": "modify", "old_id": "df8f7a557f257197dd1548b56091e2e06c608365", "old_mode": 33188, "old_path": "ssl/handshake_server.c", "new_id": "8025030256e1a0bb26a508549c53a46499301861", "new_mode": 33188, "new_path": "ssl/handshake_server.c" }, { "type": "modify", "old_id": "2eae6fa0acded11b92f2ae61c05419ae60f24307", "old_mode": 33188, "old_path": "ssl/internal.h", "new_id": "cba14cdd9217670cda6858f802f51c684dffaf0f", "new_mode": 33188, "new_path": "ssl/internal.h" }, { "type": "modify", "old_id": "c9dfdcc1a67940c1caf0c83e5ffd9f54fa12d4a4", "old_mode": 33188, "old_path": "ssl/ssl_asn1.c", "new_id": "4c1ee89adb303d04f5c4f1d0c6a0dc0c45ee7c00", "new_mode": 33188, "new_path": "ssl/ssl_asn1.c" }, { "type": "modify", "old_id": "ded5aef39be0dcee4ce75ec63752d6093deba754", "old_mode": 33188, "old_path": "ssl/ssl_lib.c", "new_id": "851c81f5f4306b8b2297c6821b6a2ac334d6096a", "new_mode": 33188, "new_path": "ssl/ssl_lib.c" }, { "type": "modify", "old_id": "805bd48593811b9f215399e15987479f257f7e67", "old_mode": 33188, "old_path": "ssl/ssl_session.c", "new_id": "5dffc70d38e8e5cf9b31dbf51ff3ca3135182307", "new_mode": 33188, "new_path": "ssl/ssl_session.c" }, { "type": "modify", "old_id": "99e9af2e210993faee54a925cfe5d3a8307dc417", "old_mode": 33188, "old_path": "ssl/ssl_test.cc", "new_id": "41572c42e450d68a8dd40afd41dbc9043bee2739", "new_mode": 33188, "new_path": "ssl/ssl_test.cc" }, { "type": "modify", "old_id": "9192e2e917cac14767a5a6f33ea6d1970a3a692f", "old_mode": 33188, "old_path": "ssl/test/runner/common.go", "new_id": "92f3e15fd23328e1d4a5a2613c0c9fad480093ec", "new_mode": 33188, "new_path": "ssl/test/runner/common.go" }, { "type": "modify", "old_id": "065d23d7604cd8d65059013608d9389653efdeb5", "old_mode": 33188, "old_path": "ssl/test/runner/conn.go", "new_id": "0cc0b38bb7ea950783a5a9f79f0ebe4be7251027", "new_mode": 33188, "new_path": "ssl/test/runner/conn.go" }, { "type": "modify", "old_id": "1fc741fde233c8c7eb5070f87743c98f5641a88e", "old_mode": 33188, "old_path": "ssl/test/runner/handshake_server.go", "new_id": "38925e9b9974262343e421f2a5f6f07121dd3ec5", "new_mode": 33188, "new_path": "ssl/test/runner/handshake_server.go" }, { "type": "modify", "old_id": "5103c5572ac50f04f19a5a29fbf20f71371c737f", "old_mode": 33188, "old_path": "ssl/test/runner/runner.go", "new_id": "8b02c3da69c22895e51ac95f72d7166d2608a28e", "new_mode": 33188, "new_path": "ssl/test/runner/runner.go" }, { "type": "modify", "old_id": "08e4eddd46dd5b0d01802f3ae4c9f137d9eedff3", "old_mode": 33188, "old_path": "ssl/tls13_client.c", "new_id": "74d3646e1560eb5b1666a84e20383524f3ffffeb", "new_mode": 33188, "new_path": "ssl/tls13_client.c" }, { "type": "modify", "old_id": "8a28b13babfbb92ae94e52162dfca273c353ec9e", "old_mode": 33188, "old_path": "ssl/tls13_server.c", "new_id": "80bcf772faf1552a07f45c7623e3c8e4a4031686", "new_mode": 33188, "new_path": "ssl/tls13_server.c" } ] }