disable internal OpenSSL cache
authorAlan T. DeKok <aland@freeradius.org>
Mon, 8 May 2017 20:38:56 +0000 (16:38 -0400)
committerAlan T. DeKok <aland@freeradius.org>
Mon, 8 May 2017 20:38:56 +0000 (16:38 -0400)
raddb/mods-available/eap
raddb/sites-available/abfab-tls
raddb/sites-available/tls
src/main/tls.c

index 427016c..04698ce 100644 (file)
@@ -382,6 +382,12 @@ eap {
                        #  Enable it.  The default is "no". Deleting the entire "cache"
                        #  subsection also disables caching.
                        #
+                       #  As of version 3.0.14, the session cache requires the use
+                       #  of the "name" and "persist_dir" configuration items, below.
+                       #
+                       #  The internal OpenSSL session cache has been permanently
+                       #  disabled.
+                       #
                        #  You can disallow resumption for a particular user by adding the
                        #  following attribute to the control item list:
                        #
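Review bot: The new comment at the top of this hunk says the session cache now requires `name` and `persist_dir`, but nothing tells an administrator upgrading a configuration that still has `enable = yes` (the previous default, flipped to `no` in the next hunk) that resumption depends on those two items being set; the same text is added to raddb/sites-available/tls in this commit. I would extend it with a line such as `#  If you upgrade an existing configuration that has "enable = yes", you must also set "name" and "persist_dir" below.` If `persist_dir` holds serialized TLS sessions on disk (not visible in this commit, confirm), the comment should also say the directory must be readable and writable only by the server user, since such files carry session keying material.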
@@ -390,7 +396,7 @@ eap {
                        #  If "enable = no" below, you CANNOT enable resumption for just one
                        #  user by setting the above attribute to "yes".
                        #
-                       enable = yes
+                       enable = no
 
                        #
                        #  Lifetime of the cached entries, in hours. The sessions will be
@@ -399,15 +405,6 @@ eap {
                        lifetime = 24 # hours
 
                        #
-                       #  The maximum number of entries in the
-                       #  cache.  Set to "0" for "infinite".
-                       #
-                       #  This could be set to the number of users
-                       #  who are logged in... which can be a LOT.
-                       #
-                       max_entries = 255
-
-                       #
                        #  Internal "name" of the session cache. Used to
                        #  distinguish which TLS context sessions belong to.
                        #
index 79d74e6..5dbe143 100644 (file)
@@ -24,7 +24,8 @@ listen {
                cache {
                        enable = no
                        lifetime = 24 # hours
-                       max_entries = 255
+                       name = "abfab-tls"
+#                      persist_dir = ${logdir}/abfab-tls
                }
 
                require_client_cert = yes
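Review bot: `persist_dir` is added commented out two lines above the closing `}`, yet the documentation this commit adds to mods-available/eap states the cache requires both `name` and `persist_dir`; with `enable = no` that is harmless, but an administrator who flips only `enable` will still be missing the required item. A note beside it would prevent that, e.g. `#  To enable resumption, set "enable = yes" and uncomment "persist_dir".` The `listen` block containing this `cache` section starts and ends outside the hunk.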
index c9555e1..cf1cd7a 100644 (file)
@@ -239,6 +239,13 @@ listen {
                      #  Deleting the entire "cache" subsection
                      #  Also disables caching.
                      #
+                       #
+                       #  As of version 3.0.14, the session cache requires the use
+                       #  of the "name" and "persist_dir" configuration items, below.
+                       #
+                       #  The internal OpenSSL session cache has been permanently
+                       #  disabled.
+                       #
                      #  You can disallow resumption for a
                      #  particular user by adding the following
                      #  attribute to the control item list:
@@ -259,15 +266,6 @@ listen {
                      lifetime = 24 # hours
 
                      #
-                     #  The maximum number of entries in the
-                     #  cache.  Set to "0" for "infinite".
-                     #
-                     #  This could be set to the number of users
-                     #  who are logged in... which can be a LOT.
-                     #
-                     max_entries = 255
-
-                     #
                      #  Internal "name" of the session cache.
                      #  Used to distinguish which TLS context
                      #  sessions belong to.
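Review bot: The added block in the first hunk of this file begins with a bare `#` directly under the existing `#` separator on the preceding context line, leaving two consecutive empty comment lines where every other paragraph in this file is separated by one; dropping the first added `#` keeps the layout consistent. The wording question about what happens to upgraders who still have `enable = yes` is the same as in raddb/mods-available/eap and is raised there.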
index 5f04d28..845d3bc 100644 (file)
@@ -3056,9 +3056,9 @@ post_ca:
                }
 
                /*
-                *      Cache it, and DON'T auto-clear it.
+                *      Cache it, DON'T auto-clear it, and disable the internal OpenSSL session cache.
                 */
-               SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER | SSL_SESS_CACHE_NO_AUTO_CLEAR);
+               SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER | SSL_SESS_CACHE_NO_AUTO_CLEAR | SSL_SESS_CACHE_NO_INTERNAL);
 
                SSL_CTX_set_session_id_context(ctx,
                                               (unsigned char *) conf->session_context_id,
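Review bot: The updated comment above `SSL_CTX_set_session_cache_mode` still opens with "Cache it", which no longer describes the call: `SSL_SESS_CACHE_NO_INTERNAL` makes OpenSSL neither store nor look up sessions in its own cache, so resumption now works only through whatever external session callbacks the context has (not visible in this hunk), and the comment gives no reason for the change. I would replace it with something like `/* Server-side caching, no auto-clear.  SSL_SESS_CACHE_NO_INTERNAL disables OpenSSL's own session store and lookup, so sessions live only in the external cache callbacks; the former "max_entries" limit no longer applies. */`, wrapped to the file's usual width rather than the 118-column line added here. If this function still calls `SSL_CTX_sess_set_cache_size()` with the value of the removed `max_entries` item elsewhere (not visible here), that call is now dead and should be removed together with the config option. The enclosing function, past the `post_ca:` label, starts and ends outside the hunk.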