💾 Archived View for bbs.geminispace.org › u › ps › 22698 captured on 2024-12-17 at 15:22:59.


Comment by 👻 ps

Re: "Interesting, how does Lagrange client implement TLS session..."

In: s/Lagrange

In Lagrange, I'm storing the active client certificate fingerprint together with the cached sessions, so that the session is only reused if the client certificate stays the same.

It seems that my implementation with GLib restricts low-level features; I suppose that at some point I should change the TLS backend to do something similar. Thanks for the info!

I do recommend reading the actual protocol documentation, it will make a lot of it easier.

Ha, I'm reading it every day like a bible.

👻 ps [OP]

Dec 11 · 6 days ago


🛰️ lufte · Dec 11 at 15:03:

The old spec[1] explicitly stated, under "1 Overview", that connections cannot be reused. The new one[2] is not as explicit but does mention that "Upon sending the complete response (which may include content), the server closes the connection and MUST use the TLS close_notify mechanism"; so it sounds like reusing connections goes against the protocol.

— [1]

— [2]

🚀 mbays · Dec 11 at 16:22:

I recommend implementing 0-RTT too (while being careful about replay attacks). Not many servers support it, but it makes things pretty snappy when it works.

🕹️ skyjake [mod...] · Dec 11 at 18:25:

Also to clarify, we are talking about TLS session resumption, which does not mean you keep any connection open to the server, but instead just remember the previous handshake so a subsequent new connection can be opened faster.
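The mechanism the thread converges on, namely a cached TLS session that is reused only while the client certificate fingerprint is unchanged, on a fresh TCP connection for every request as lufte's quote from the spec requires, as an added example that is not part of this thread and not Lagrange's code. Lagrange is written in C; Go is used here because its standard-library crypto/tls ships a pluggable client session cache and everything else needed to run the exchange end to end offline. All names (selfSigned, fingerprint, identityCache, Fetch, startServer, newCache), the loopback server and the throwaway Ed25519 certificates are assumptions made for the example; the server stands in for a Gemini host and only echoes which identity it attributed to the connection and whether the session was resumed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"time"
)

// selfSigned makes a throwaway self-signed certificate (as Gemini identities are) as a one-element slice.
func selfSigned(name string) []tls.Certificate {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { panic(err) }
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil { panic(err) }
	return []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: priv}}
}

// fingerprint is the hex SHA-256 of the DER leaf, or "" when no identity is selected.
func fingerprint(id []tls.Certificate) string {
	if len(id) == 0 {
		return ""
	}
	return fmt.Sprintf("%x", sha256.Sum256(id[0].Certificate[0]))
}

// newCache is the one session cache a client keeps across all of its requests.
func newCache() tls.ClientSessionCache { return tls.NewLRUClientSessionCache(64) }

// identityCache prefixes every key of the shared cache with the fingerprint of the identity
// in use, so a session negotiated under identity A is never offered after a switch to B or to none.
type identityCache struct {
	inner tls.ClientSessionCache
	fp    string
}
func (c identityCache) Get(key string) (*tls.ClientSessionState, bool) {
	return c.inner.Get(c.fp + "|" + key)
}
func (c identityCache) Put(key string, cs *tls.ClientSessionState) {
	c.inner.Put(c.fp+"|"+key, cs)
}

// Fetch opens a brand-new connection per request, as Gemini requires, sends one request line
// and reads the reply to EOF; cache outlives requests, identity is whatever the user selected now.
func Fetch(cache tls.ClientSessionCache, identity []tls.Certificate, addr, req string) (string, bool, error) {
	conn, err := tls.Dial("tcp", addr, &tls.Config{
		ServerName:         "localhost",
		InsecureSkipVerify: true, // stand-in for the TOFU check a real Gemini client performs
		Certificates:       identity,
		ClientSessionCache: identityCache{inner: cache, fp: fingerprint(identity)},
	})
	if err != nil {
		return "", false, err
	}
	defer conn.Close()
	fmt.Fprintf(conn, "%s\r\n", req)
	body, err := io.ReadAll(conn) // reading also consumes the server's NewSessionTicket
	return string(body), conn.ConnectionState().DidResume, err
}

// startServer runs a minimal Gemini-like server that asks for (but neither requires nor verifies)
// a client certificate and replies with the identity it attributed to the connection and DidResume.
func startServer() string {
	cfg := &tls.Config{Certificates: selfSigned("localhost"), ClientAuth: tls.RequestClientCert}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", cfg)
	if err != nil { panic(err) }
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return
			}
			c.Read(make([]byte, 1024)) // implicit handshake, then the request line
			st := c.(*tls.Conn).ConnectionState()
			who := "anonymous"
			if len(st.PeerCertificates) > 0 {
				who = st.PeerCertificates[0].Subject.CommonName
			}
			fmt.Fprintf(c, "20 text/plain\r\nidentity=%s resumed=%v\r\n", who, st.DidResume)
			c.Close()
		}
	}()
	return ln.Addr().String()
}

func main() {
	addr, cache, alice := startServer(), newCache(), selfSigned("alice")
	for _, id := range [][]tls.Certificate{alice, alice, selfSigned("bob"), nil} {
		fmt.Println(Fetch(cache, id, addr, "gemini://localhost/"))
	}
}
```

Run with `go run`: the second request as alice resumes and the server reports identity=alice resumed=true, the identity being the one it saw in the original full handshake, which is exactly why a resumed session must not outlive an identity switch; requesting as bob or with no identity forces a full handshake because the fingerprint prefix turns the cache lookup into a miss. Nothing here sends 0-RTT early data (Go's crypto/tls offers that only to QUIC users), so mbays' replay caveat does not arise in this example.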

🛰️ lufte · Dec 11 at 21:15:

Thanks @skyjake, I was indeed confused about that.

Original Post

🌒 s/Lagrange

Interesting, how does the Lagrange client implement TLS session resumption? I found that path-relative certificate authorization requires turning it off, because the user can choose the identity at any moment, and with resumption enabled the old certificate will be applied (on a change at runtime). Thoughts? Running the handshake on every request is maybe not cool for performance and server response timing. Is there something tricky in this browser, or is this feature just disabled? Because Gemini pages loading...

💬 ps · 7 comments · Dec 11 · 6 days ago