Skip to content

Commit ba2d26a

Browse files
Update session_tickets.md
1 parent 8b73b27 commit ba2d26a

1 file changed

Lines changed: 14 additions & 0 deletions

File tree

tls/session_tickets.md

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,23 +5,36 @@ in the initial connection. This mechanism avoids the need for server-side
55
session cache. If the server doesn't use the ticket, for any reason (failure
66
to decrypt it, it's too old, etc.), it will create a new session and send a new
77
ticket. See [RFC 5077][] for more information.
8+
服务器加密整个会话状态,并将其发送给客户端,被称为“票据(ticket)”。当需要复用会话时,客户端
9+
在握手阶段将ticket发送给服务器。这种机制的优点是服务器端不需要缓存会话状态。如果基于任何
10+
原因(包括解密ticket内容失败,ticket信息超时等情况),服务器不使用ticket,则会新建一个会话,并
11+
发送新的ticket给客户端,详见[RFC 5077][]
812

913
Resumption using session tickets is becoming commonly supported by many web
1014
browsers when making HTTPS requests.
15+
基于tickets的会话复用方式正在被越来越多的主流浏览器支持。
1116

1217
For Node.js, clients use the same APIs for resumption with session identifiers
1318
as for resumption with session tickets. For debugging, if
1419
[`tls.TLSSocket.getTLSTicket()`][] returns a value, the session data contains a
1520
ticket, otherwise it contains client-side session state.
21+
在Node.js中,客户端的两种会话复用使用相同的API。在调试时,如果[`tls.TLSSocket.getTLSTicket()`][]
22+
返回了会话信息,并且会话信息中包含ticket,则使用了Session Ticket会话复用,
23+
否则使用了Session ID会话复用。
1624

1725
With TLSv1.3, be aware that multiple tickets may be sent by the server,
1826
resulting in multiple `'session'` events, see [`'session'`][] for more
1927
information.
28+
在TLS1.3中,需要注意服务器可能会发送多个ticket,这会触发多个`'session'`事件,详见[`'session'`][]
29+
事件中的介绍。
2030

2131
Single process servers need no specific implementation to use session tickets.
2232
To use session tickets across server restarts or load balancers, servers must
2333
all have the same ticket keys. There are three 16-byte keys internally, but the
2434
tls API exposes them as a single 48-byte buffer for convenience.
35+
单个服务器使用session ticket会话复用不需要特别的实现,但如果需要在服务器重启后或者在使用
36+
负载均衡的情况下,任然能够复用成功,则所有服务器必须要使用相同的密钥来生成ticket。这个密钥
37+
由三个16字节的密钥组成,但在API实现中,为了方便使用了一个48字节的缓存保存。
2538

2639
Its possible to get the ticket keys by calling [`server.getTicketKeys()`][] on
2740
one server instance and then distribute them, but it is more reasonable to
@@ -30,6 +43,7 @@ securely generate 48 bytes of secure random data and set them with the
3043
regenerated and server's keys can be reset with
3144
[`server.setTicketKeys()`][].
3245

46+
3347
Session ticket keys are cryptographic keys, and they ***must be stored
3448
securely***. With TLS 1.2 and below, if they are compromised all sessions that
3549
used tickets encrypted with them can be decrypted. They should not be stored

0 commit comments

Comments
 (0)