Class SSL.Session
- Description
The most important information in a session object is a choice of encryption algorithms and a "master secret" created by key exchange with a client. Each connection can either do a full key exchange to establish a new session, or reuse a previously established session. That is why we have the session abstraction and the session cache. Each session is used by one or more connections, in sequence or simultaneously.
It is also possible to change to a new session in the middle of a connection.
- Variable
cert_data
mapping|zero SSL.Session.cert_data
- Description
Information about the certificate in use by the peer, such as issuing authority, and verification status.
- Variable
certificate_chain
array(string(8bit))|zero SSL.Session.certificate_chain
- Description
Our certificate chain.
- Variable
cipher_spec
Cipher.CipherSpec|zero SSL.Session.cipher_spec
- Description
Information about the encryption method derived from the cipher_suite.
- Variable
cipher_suite
int SSL.Session.cipher_suite
- Description
Constant defining a choice of key exchange, encryption and MAC algorithm.
- Variable
compression_algorithm
int|zero SSL.Session.compression_algorithm
- Description
Always COMPRESSION_null.
- Variable
curve
Crypto.ECC.Curve|zero SSL.Session.curve
- Description
The ECC curve selected by the key exchange.
KE_ecdh_ecdsa, KE_ecdh_rsa: The curve from the server certificate.
KE_ecdhe_ecdsa, KE_ecdhe_rsa, KE_ecdh_anon: The curve selected for the ECDHE key exchange (typically the largest curve supported by both the client and the server).
- Variable
ecc_curves
array(int) SSL.Session.ecc_curves
- Description
Supported elliptic curves in order of preference.
- Variable
ecc_point_format
int SSL.Session.ecc_point_format
- Description
The selected elliptic curve point format.
- Note
May be -1 to indicate that there's no supported overlap between the server and client.
- Variable
encrypt_then_mac
int SSL.Session.encrypt_then_mac
- Description
Negotiated encrypt-then-mac mode.
- Variable
extended_master_secret
bool SSL.Session.extended_master_secret
- Description
Indicates that the connection uses the Extended Master Secret method of deriving the master secret.
This setting is only relevant for TLS 1.2 and earlier.
- Variable
ffdhe_groups
array(int)|zero SSL.Session.ffdhe_groups
- Description
Supported finite field Diffie-Hellman groups in order of preference.
int(0): Zero indicates that none have been specified.
array(zero): The empty array indicates that none are supported.
array(int): List of supported groups, with the most preferred first.
- Variable
heartbeat_mode
HeartBeatModeType SSL.Session.heartbeat_mode
- Description
Heartbeat mode.
- Variable
identity
string(8bit)|zero SSL.Session.identity
- Description
Identifies the session to the server.
- Variable
last_activity
int SSL.Session.last_activity
- Description
When this session object was used last.
- Variable
master_secret
string(8bit)|zero SSL.Session.master_secret
- Description
48 byte secret shared between the client and the server. Used for deriving the actual keys.
- Variable
max_packet_size
int SSL.Session.max_packet_size
- Description
The max fragment size requested by the client.
- Variable
peer_certificate_chain
array(string(8bit))|zero SSL.Session.peer_certificate_chain
- Description
The peer certificate chain.
- Variable
peer_public_key
Crypto.Sign.State|zero SSL.Session.peer_public_key
- Description
The peer's public key (from the certificate).
- Variable
private_key
Crypto.Sign.State|zero SSL.Session.private_key
- Description
Our private key.
- Variable
server_name
string(8bit)|zero SSL.Session.server_name
- Description
RFC 6066 section 3.1 (SNI)
- Variable
signature_algorithms
array(int) SSL.Session.signature_algorithms
- Description
The set of <hash, signature> combinations supported by the peer.
Only used with TLS 1.2 and later.
Defaults to the settings from RFC 5246 section 7.4.1.4.1.
- Variable
ticket
string(8bit)|zero SSL.Session.ticket
- Description
Alternative identification of the session to the server.
- See also
- Variable
ticket_expiry_time
int|zero SSL.Session.ticket_expiry_time
- Description
Expiry time for ticket.
- Variable
truncated_hmac
bool SSL.Session.truncated_hmac
- Description
Indicates that the packet HMACs should be truncated to the first 10 bytes (80 bits). Cf. RFC 3546 section 3.5.
- Variable
version
ProtocolVersion|zero SSL.Session.version
- Description
Negotiated protocol version.
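
A review check over the fields documented above, as an added example that is not part of the Pike documentation or the SSL module: it lists negotiated session parameters that deserve a second look. The names audit_session and SampleSession and all sample values are hypothetical; SampleSession is a constructed stand-in that only mirrors the documented field names so the code runs without a handshake.

```pike
// Added example. Field names are the ones documented on this page;
// audit_session(), SampleSession and the sample values are hypothetical.

constant TLS_1_3 = 0x0304;  // wire value of the TLS 1.3 protocol version

// Constructed stand-in exposing the same field names as SSL.Session.
class SampleSession {
  int version = 0x0303;                  // TLS 1.2
  int extended_master_secret = 0;
  int truncated_hmac = 1;
  int ecc_point_format = -1;
  array(int)|int ffdhe_groups = ({});
  string|int master_secret = "\0" * 48;  // placeholder bytes, not a real secret
}

// Returns one human-readable finding per parameter worth reviewing.
array(string) audit_session(object s)
{
  array(string) findings = ({});

  // Both fields may be zero, so check before comparing anything else.
  if (!s->version || !s->master_secret)
    return ({ "no negotiated version or master secret set" });

  // Extended Master Secret is only relevant for TLS 1.2 and earlier.
  if (s->version < TLS_1_3 && !s->extended_master_secret)
    findings += ({ "master secret derived without Extended Master Secret" });

  if (s->truncated_hmac)
    findings += ({ "record HMACs truncated to 10 bytes (80 bits)" });

  // -1 is the documented sentinel for "no overlap".
  if (s->ecc_point_format == -1)
    findings += ({ "no ECC point format shared by client and server" });

  // int(0) means "not specified"; only the empty array means "none supported".
  if (arrayp(s->ffdhe_groups) && !sizeof(s->ffdhe_groups))
    findings += ({ "no finite field Diffie-Hellman groups are supported" });

  return findings;
}

int main()
{
  foreach (audit_session(SampleSession()), string finding)
    write("finding: %s\n", finding);
  return 0;
}
```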