Pike v8.1 release 6

Class SSL.Session

Description

The most important information in a session object is a choice of encryption algorithms and a "master secret" created by keyexchange with a client. Each connection can either do a full key exchange to established a new session, or reuse a previously established session. That is why we have the session abstraction and the session cache. Each session is used by one or more connections, in sequence or simultaneously.

It is also possible to change to a new session in the middle of a connection.


Variable cert_data

mapping SSL.Session.cert_data

Description

Information about the certificate in use by the peer, such as issuing authority, and verification status.


Variable certificate_chain

array(string(8bit)) SSL.Session.certificate_chain

Description

Our certificate chain


Variable cipher_spec

Cipher.CipherSpec SSL.Session.cipher_spec

Description

Information about the encryption method derived from the cipher_suite.


Variable cipher_suite

int SSL.Session.cipher_suite

Description

Constant defining a choice of keyexchange, encryption and mac algorithm.


Variable compression_algorithm

int SSL.Session.compression_algorithm

Description

Always COMPRESSION_null.


Variable curve

Crypto.ECC.Curve SSL.Session.curve

Description

The ECC curve selected by the key exchange.

KE_ecdh_ecdsa

The curve from the server certificate.

KE_ecdh_rsa
KE_ecdhe_ecdsa

The curve selected for the ECDHE key exchange (typically the largest curve supported by both the client and the server).

KE_ecdhe_rsa
KE_ecdh_anon

Variable ecc_curves

array(int) SSL.Session.ecc_curves

Description

Supported elliptical curve cipher curves in order of preference.


Variable ecc_point_format

int SSL.Session.ecc_point_format

Description

The selected elliptical curve point format.

Note

May be -1 to indicate that there's no supported overlap between the server and client.


Variable encrypt_then_mac

int SSL.Session.encrypt_then_mac

Description

Negotiated encrypt-then-mac mode.


Variable extended_master_secret

bool SSL.Session.extended_master_secret

Description

Indicates that the connection uses the Extended Master Secret method of deriving the master secret.

This setting is only relevant for TLS 1.2 and earlier.


Variable ffdhe_groups

array(int) SSL.Session.ffdhe_groups

Description

Supported finite field diffie-hellman groups in order of preference.

int(0..0)

Zero indicates that none have been specified.

array(zero)

The empty array indicates that none are supported.

array(int)

List of supported groups, with the most preferred first.


Variable heartbeat_mode

HeartBeatModeType SSL.Session.heartbeat_mode

Description

Heartbeat mode.


Variable identity

string(8bit) SSL.Session.identity

Description

Identifies the session to the server


Variable last_activity

int SSL.Session.last_activity

Description

When this session object was used last.


Variable master_secret

string(8bit) SSL.Session.master_secret

Description

48 byte secret shared between the client and the server. Used for deriving the actual keys.


Variable max_packet_size

int SSL.Session.max_packet_size

Description

The max fragment size requested by the client.


Variable peer_certificate_chain

array(string(8bit)) SSL.Session.peer_certificate_chain

Description

The peer certificate chain


Variable peer_public_key

Crypto.Sign.State SSL.Session.peer_public_key

Description

The peer's public key (from the certificate).


Variable private_key

Crypto.Sign.State SSL.Session.private_key

Description

Our private key.


Variable server_name

string(8bit) SSL.Session.server_name

Description

RFC 6066 section 3.1 (SNI)


Variable signature_algorithms

array(array(int)) SSL.Session.signature_algorithms

Description

The set of <hash, signature> combinations supported by the peer.

Only used with TLS 1.2 and later.

Defaults to the settings from RFC 5246 section 7.4.1.4.1.


Variable ticket

string(8bit) SSL.Session.ticket

Description

Alternative identification of the session to the server.

See also

RFC 4507, RFC 5077


Variable ticket_expiry_time

int SSL.Session.ticket_expiry_time

Description

Expiry time for ticket.


Variable truncated_hmac

bool SSL.Session.truncated_hmac

Description

Indicates that the packet HMACs should be truncated to the first 10 bytes (80 bits). Cf RFC 3546 section 3.5.


Variable version

ProtocolVersion SSL.Session.version

Description

Negotiated protocol version.