From be02370dc545892a3659cf458fae1dbd4ecf950f Mon Sep 17 00:00:00 2001
From: "data-plane-api(CircleCI)" <data-plane-api@users.noreply.github.com>
Date: Mon, 26 Nov 2018 23:52:38 +0000
Subject: [PATCH] tls: add support for client-side session resumption. (#4791)

Risk Level: Low
Testing: bazel test //test/...

Signed-off-by: Piotr Sikora <piotrsikora@google.com>

Mirrored from https://github.com/envoyproxy/envoy @ 97fa8855d115aed81ebe423135b8f023f41f64a7
---
 envoy/api/v2/auth/cert.proto | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/envoy/api/v2/auth/cert.proto b/envoy/api/v2/auth/cert.proto
index 6f0eb533..cd1df6b3 100644
--- a/envoy/api/v2/auth/cert.proto
+++ b/envoy/api/v2/auth/cert.proto
@@ -293,6 +293,12 @@ message UpstreamTlsContext {
   //
   //   TLS renegotiation is considered insecure and shouldn't be used unless absolutely necessary.
   bool allow_renegotiation = 3;
+
+  // Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
+  // for TLSv1.2 and older) to store for the purpose of session resumption.
+  //
+  // Defaults to 1, setting this to 0 disables session resumption.
+  google.protobuf.UInt32Value max_session_keys = 4;
 }
 
 message DownstreamTlsContext {