💾 Archived View for gemini.thegonz.net › glog › 220228-resumeTest.gmi captured on 2022-07-16 at 13:48:07. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2022-03-01)

-=-=-=-=-=-=-

Testing TLS resumption

TLS 1.3 includes nice facilities for reducing the costs of repeated requests to the same server. Many gemini servers support this to one extent or another, but most gemini clients only implement the most costly approach of making a full handshake for each request. I think this is a shame, so to help client authors who may want to implement resuming TLS sessions (and maybe even 0-RTT with early data), I just set up a new service. It simply replies to a request by telling you the kind of handshake mode which was used for the request.

Test TLS resuming

source

UPDATE: Pitfalls

nervuri suggests I shouldn't recommend implementing resumption without discussing the potential problems, and linking to the relevant gitlab issue.

gemini-specification issue on TLS session resumption

My own take (as implemented in diohsc) is that clients should enforce a reasonably short expiry for sessions, to mitigate tracking by server operators across IP address changes of the client, and servers implementing 0-RTT (to my knowledge the test server linked to above is the only one which has) should be careful not to accept the same ticket twice, because this would allow replay attacks.