X-Git-Url: http://www.git.stargrave.org/?a=blobdiff_plain;f=main.go;h=69448ce2a66f53860064e9bde6ba3c0b4ed0f73c;hb=bcec03384492a541a07bf0ab67c02d5277258752;hp=ac80e2a80b92ee73ca76ef779532783bb0c1239a;hpb=e0874503d7bc16fb92ca0cd9bcd21a437fafd77e;p=tofuproxy.git

diff --git a/main.go b/main.go
index ac80e2a..69448ce 100644
--- a/main.go
+++ b/main.go
@@ -46,6 +46,7 @@ var (
 		TLSNextProto:      make(map[string]func(string, *tls.Conn) http.RoundTripper),
 		DialTLSContext:    dialTLS,
 	}
+	sessionCache = tls.NewLRUClientSessionCache(1024)
 
 	CmdDWebP = "dwebp"
 	CmdDJXL  = "djxl"
@@ -60,6 +61,7 @@ func dialTLS(ctx context.Context, network, addr string) (net.Conn, error) {
 		) error {
 			return verifyCert(host, nil, rawCerts, verifiedChains)
 		},
+		ClientSessionCache: sessionCache,
 	}
 	conn, dialErr := tls.Dial(network, addr, &cfg)
 	if dialErr != nil {
@@ -81,13 +83,17 @@ func dialTLS(ctx context.Context, network, addr string) (net.Conn, error) {
 		}
 	}
 	connState := conn.ConnectionState()
-	sinkTLS <- fmt.Sprintf(
+	msg := fmt.Sprintf(
 		"%s\t%s %s\t%s",
 		strings.TrimSuffix(addr, ":443"),
 		ucspi.TLSVersion(connState.Version),
 		tls.CipherSuiteName(connState.CipherSuite),
 		spkiHash(connState.PeerCertificates[0]),
 	)
+	if connState.DidResume {
+		msg += "\tresumed"
+	}
+	sinkTLS <- msg
 	return conn, nil
 }