
daemon/tls: use GNUTLS_NO_TICKETS_TLS12

Merged Oto Šťáva requested to merge tls12-no-tickets into master
Viewing commit ab03ab13
1 file, +2 -2
@@ -121,10 +121,10 @@ by a trusted CA. This is done using function :c:func:`net.tls()`.
`secret leaks eventually <pfs_>`_.
.. warning:: **Setting the secret is probably too risky with TLS <= 1.2 and
GnuTLS < 3.6.5**. GnuTLS 3.6.5 adds an option to disable resumption via
GnuTLS < 3.7.5**. GnuTLS 3.7.5 adds an option to disable resumption via
tickets for TLS <= 1.2, enabling them only for protocols that do guarantee
`PFS <pfs_>`_. Knot Resolver makes use of this new option when linked
against GnuTLS >= 3.6.5.
against GnuTLS >= 3.7.5.
.. function:: net.tls_sticket_secret_file([string with path to a file containing pre-shared secret])
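Review bot: The updated warning says GnuTLS 3.7.5 "adds an option to disable resumption via tickets for TLS <= 1.2" but never names it. The merge request title refers to GNUTLS_NO_TICKETS_TLS12, so the sentence should name that flag so operators can find it in the GnuTLS documentation. The warning also does not say what Knot Resolver does when a secret is set while linked against GnuTLS < 3.7.5. Please state whether ticket resumption then stays enabled for TLS <= 1.2, since that is the case the warning is about. "Probably too risky" would read better as a direct recommendation not to set the secret in that configuration.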