Cache SSL resumption tokens in necko

RESOLVED FIXED in Firefox 68

Status

()

enhancement
P2
normal
RESOLVED FIXED
2 months ago
Last month

People

(Reporter: michal, Assigned: michal)

Tracking

(Blocks 2 bugs)

Trunk
mozilla68
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox68 fixed)

Details

(Whiteboard: [necko-triaged])

Attachments

(1 attachment)

Assignee

Description

2 months ago

We need to have the cache in necko because the internal cache in NSS won't cache QUIC connections. Memory only cache will land in this bug. Persisting tokens to disk will be implemented later.

Assignee

Comment 1

2 months ago

SSLTokensCache is a simple memory only storage for resumption tokens which are get and set using API for external TLS session caches in NSS.

Updated

2 months ago
Status: NEW → ASSIGNED
Assignee

Comment 2

Last month

After I added the call to SSL_OptionGet, the build fails on all platforms except Linux:

https://treeherder.mozilla.org/#/jobs?repo=try&revision=a25d1b4492622b226f538c8ecce5918e20f9a74f

Dana, do you have an idea what's wrong?

Flags: needinfo?(dkeeler)

Looks like we don't export that symbol when we compile NSS in-tree. You should add SSL_OptionGet right before this line: https://searchfox.org/mozilla-central/rev/197210b8c139b64f642edaa3336d26b9c1761568/security/nss.symbols#667

Flags: needinfo?(dkeeler)
Assignee

Comment 4

Last month

(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #3)

Looks like we don't export that symbol when we compile NSS in-tree. You should add SSL_OptionGet right before this line: https://searchfox.org/mozilla-central/rev/197210b8c139b64f642edaa3336d26b9c1761568/security/nss.symbols#667

Thanks, this solved the problem. Do I need a review for this change?

Flags: needinfo?(dkeeler)

Consider this r=me but see also the comment I left in differential about how I don't think it's even necessary to call that function since the callback will never be called if we've disabled session tickets.

Flags: needinfo?(dkeeler)

Actually I just read your response - nevermind, lgtm.

Comment 7

Last month
Pushed by mnovotny@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/7fbf58d80879
Cache SSL resumption tokens in necko, r=mayhemer

Comment 8

Last month
bugherder
Status: ASSIGNED → RESOLVED
Closed: Last month
Resolution: --- → FIXED
Target Milestone: --- → mozilla68

Updated

Last month
Blocks: 1550837
You need to log in before you can comment on or make changes to this bug.