tls: add support for client-side session resumption. (#4791)

Risk Level: Low Testing: bazel test //test/... Signed-off-by: Piotr Sikora <piotrsikora@google.com> Mirrored from https://github.com/envoyproxy/envoy @ 97fa8855d115aed81ebe423135b8f023f41f64a7
6 years ago · be02370dc5
parent 7e1046a957
commit be02370dc5
1 changed files with 6 additions and 0 deletions
--- a/envoy/api/v2/auth/cert.proto
+++ b/envoy/api/v2/auth/cert.proto
@ -293,6 +293,12 @@ message UpstreamTlsContext {
  //
  //   TLS renegotiation is considered insecure and shouldn't be used unless absolutely necessary.
  bool allow_renegotiation = 3;
+
+  // Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
+  // for TLSv1.2 and older) to store for the purpose of session resumption.
+  //
+  // Defaults to 1, setting this to 0 disables session resumption.
+  google.protobuf.UInt32Value max_session_keys = 4;
 }

 message DownstreamTlsContext {