@@ -5,23 +5,36 @@ in the initial connection. This mechanism avoids the need for server-side
55session cache. If the server doesn't use the ticket, for any reason (failure
66to decrypt it, it's too old, etc.), it will create a new session and send a new
77ticket. See [ RFC 5077] [ ] for more information.
8+ 服务器加密整个会话状态,并将其发送给客户端,被称为“票据(ticket)”。当需要复用会话时,客户端
9+ 在握手阶段将ticket发送给服务器。这种机制的优点是服务器端不需要缓存会话状态。如果基于任何
10+ 原因(包括解密ticket内容失败,ticket信息超时等情况),服务器不使用ticket,则会新建一个会话,并
11+ 发送新的ticket给客户端,详见[ RFC 5077] [ ] 。
812
913Resumption using session tickets is becoming commonly supported by many web
1014browsers when making HTTPS requests.
15+ 基于tickets的会话复用方式正在被越来越多的主流浏览器支持。
1116
1217For Node.js, clients use the same APIs for resumption with session identifiers
1318as for resumption with session tickets. For debugging, if
1419[ ` tls.TLSSocket.getTLSTicket() ` ] [ ] returns a value, the session data contains a
1520ticket, otherwise it contains client-side session state.
21+ 在Node.js中,客户端的两种会话复用使用相同的API。在调试时,如果[ ` tls.TLSSocket.getTLSTicket() ` ] [ ]
22+ 返回了会话信息,并且会话信息中包含ticket,则使用了Session Ticket会话复用,
23+ 否则使用了Session ID会话复用。
1624
1725With TLSv1.3, be aware that multiple tickets may be sent by the server,
1826resulting in multiple ` 'session' ` events, see [ ` 'session' ` ] [ ] for more
1927information.
28+ 在TLS1.3中,需要注意服务器可能会发送多个ticket,这会触发多个` 'session' ` 事件,详见[ ` 'session' ` ] [ ]
29+ 事件中的介绍。
2030
2131Single process servers need no specific implementation to use session tickets.
2232To use session tickets across server restarts or load balancers, servers must
2333all have the same ticket keys. There are three 16-byte keys internally, but the
2434tls API exposes them as a single 48-byte buffer for convenience.
35+ 单个服务器使用session ticket会话复用不需要特别的实现,但如果需要在服务器重启后或者在使用
36+ 负载均衡的情况下,任然能够复用成功,则所有服务器必须要使用相同的密钥来生成ticket。这个密钥
37+ 由三个16字节的密钥组成,但在API实现中,为了方便使用了一个48字节的缓存保存。
2538
2639Its possible to get the ticket keys by calling [ ` server.getTicketKeys() ` ] [ ] on
2740one server instance and then distribute them, but it is more reasonable to
@@ -30,6 +43,7 @@ securely generate 48 bytes of secure random data and set them with the
3043regenerated and server's keys can be reset with
3144[ ` server.setTicketKeys() ` ] [ ] .
3245
46+
3347Session ticket keys are cryptographic keys, and they *** must be stored
3448securely*** . With TLS 1.2 and below, if they are compromised all sessions that
3549used tickets encrypted with them can be decrypted. They should not be stored
0 commit comments