On Thu, May 05, 2022 at 02:32:04PM +0200, Theo Buehler wrote: > On Thu, May 05, 2022 at 10:59:45AM +0200, Hiltjo Posthuma wrote: > > Hi, > > > > I have a question how OpenBSD ftp and session resumption works and can be > > enabled or used using the option -S session=somepath . > > > > If I remember correctly this option was added at the time to improve the > > performance of TLS handshakes for fetching OpenBSD packages from HTTPS > > mirrors. > > I'd also like to test if this makes a difference for my use-case. > > > > Is this option currently enabled and working? I haven't been able to see > > session resumption being used when testing uses OpenBSD ftp. > > Yes, it works, but only with TLSv1.2. For TLSv1.3 this needs support for > PSK, which is not currently implemented. > > $ ftp -M -S"session=mysession.pem,protocols=tlsv1.2" > https://www.openbsd.org/index.html > Trying 199.185.178.80... > Requesting https://www.openbsd.org/index.html > 3494 bytes received in 0.00 seconds (9.06 MB/s) > tls session resumed: no > $ ftp -M -S"session=mysession.pem,protocols=tlsv1.2" > https://www.openbsd.org/index.html > Trying 199.185.178.80... > Requesting https://www.openbsd.org/index.html > 3494 bytes received in 0.00 seconds (8.88 MB/s) > tls session resumed: yes >
Thank you for the explanation, This works for me too, -- Kind regards, Hiltjo
