2001-02-05 02:05:27 +08:00
|
|
|
=pod
|
|
|
|
|
|
|
|
=head1 NAME
|
|
|
|
|
|
|
|
SSL_CTX_set_timeout, SSL_CTX_get_timeout - manipulate timeout values for session caching
|
|
|
|
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
|
|
|
|
#include <openssl/ssl.h>
|
|
|
|
|
|
|
|
long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
|
|
|
|
long SSL_CTX_get_timeout(SSL_CTX *ctx);
|
|
|
|
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
|
|
|
|
SSL_CTX_set_timeout() sets the timeout for newly created sessions for
|
|
|
|
B<ctx> to B<t>. The timeout value B<t> must be given in seconds.
|
|
|
|
|
|
|
|
SSL_CTX_get_timeout() returns the currently set timeout value for B<ctx>.
|
|
|
|
|
|
|
|
=head1 NOTES
|
|
|
|
|
|
|
|
Whenever a new session is created, it is assigned a maximum lifetime. This
|
|
|
|
lifetime is specified by storing the creation time of the session and the
|
|
|
|
timeout value valid at this time. If the actual time is later than creation
|
|
|
|
time plus timeout, the session is not reused.
|
|
|
|
|
|
|
|
Due to this realization, all sessions behave according to the timeout value
|
|
|
|
valid at the time of the session negotiation. Changes of the timeout value
|
|
|
|
do not affect already established sessions.
|
|
|
|
|
|
|
|
The expiration time of a single session can be modified using the
|
2015-08-18 03:21:33 +08:00
|
|
|
L<SSL_SESSION_get_time(3)> family of functions.
|
2001-02-05 02:05:27 +08:00
|
|
|
|
|
|
|
Expired sessions are removed from the internal session cache, whenever
|
2015-08-18 03:21:33 +08:00
|
|
|
L<SSL_CTX_flush_sessions(3)> is called, either
|
2001-02-05 02:05:27 +08:00
|
|
|
directly by the application or automatically (see
|
2015-08-18 03:21:33 +08:00
|
|
|
L<SSL_CTX_set_session_cache_mode(3)>)
|
2001-02-05 02:05:27 +08:00
|
|
|
|
2001-08-18 00:36:51 +08:00
|
|
|
The default value for session timeout is decided on a per protocol
|
2015-08-18 03:21:33 +08:00
|
|
|
basis, see L<SSL_get_default_timeout(3)>.
|
2001-08-18 00:36:51 +08:00
|
|
|
All currently supported protocols have the same default timeout value
|
|
|
|
of 300 seconds.
|
2001-02-05 02:05:27 +08:00
|
|
|
|
2022-03-24 06:55:10 +08:00
|
|
|
This timeout value is used as the ticket lifetime hint for stateless session
|
|
|
|
tickets. It is also used as the timeout value within the ticket itself.
|
|
|
|
|
|
|
|
For TLSv1.3, RFC8446 limits transmission of this value to 1 week (604800
|
|
|
|
seconds).
|
|
|
|
|
|
|
|
For TLSv1.2, tickets generated during an initial handshake use the value
|
|
|
|
as specified. Tickets generated during a resumed handshake have a value
|
|
|
|
of 0 for the ticket lifetime hint.
|
|
|
|
|
2001-02-05 02:05:27 +08:00
|
|
|
=head1 RETURN VALUES
|
|
|
|
|
|
|
|
SSL_CTX_set_timeout() returns the previously set timeout value.
|
|
|
|
|
|
|
|
SSL_CTX_get_timeout() returns the currently set timeout value.
|
|
|
|
|
|
|
|
=head1 SEE ALSO
|
|
|
|
|
2016-11-11 16:33:09 +08:00
|
|
|
L<ssl(7)>,
|
2015-08-18 03:21:33 +08:00
|
|
|
L<SSL_CTX_set_session_cache_mode(3)>,
|
|
|
|
L<SSL_SESSION_get_time(3)>,
|
|
|
|
L<SSL_CTX_flush_sessions(3)>,
|
|
|
|
L<SSL_get_default_timeout(3)>
|
2001-02-05 02:05:27 +08:00
|
|
|
|
2016-05-18 23:44:05 +08:00
|
|
|
=head1 COPYRIGHT
|
|
|
|
|
2022-05-03 18:52:38 +08:00
|
|
|
Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
|
2016-05-18 23:44:05 +08:00
|
|
|
|
2018-12-06 21:04:44 +08:00
|
|
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
2016-05-18 23:44:05 +08:00
|
|
|
this file except in compliance with the License. You can obtain a copy
|
|
|
|
in the file LICENSE in the source distribution or at
|
|
|
|
L<https://www.openssl.org/source/license.html>.
|
|
|
|
|
|
|
|
=cut
|