TLS session resumption support
authorSergey Matveev <stargrave@stargrave.org>
Sun, 5 Sep 2021 16:45:09 +0000 (19:45 +0300)
committerSergey Matveev <stargrave@stargrave.org>
Sun, 5 Sep 2021 16:45:38 +0000 (19:45 +0300)
doc/index.texi
main.go

index 40806995a656fc712e768b81f2a905af6a3c0c2c..62b18bce79029c668c36b2611f21487b2a11017b 100644 (file)
@@ -89,6 +89,8 @@ creating some kind of complex configuration framework.
 
 @item Optionally DANE-EE check is also made for each domain you visit.
 
+@item TLS session resumption is also supported.
+
 @end itemize
 
 @image{dialog,,,Example dialog,.webp}
diff --git a/main.go b/main.go
index ac80e2a80b92ee73ca76ef779532783bb0c1239a..69448ce2a66f53860064e9bde6ba3c0b4ed0f73c 100644 (file)
--- a/main.go
+++ b/main.go
@@ -46,6 +46,7 @@ var (
                TLSNextProto:      make(map[string]func(string, *tls.Conn) http.RoundTripper),
                DialTLSContext:    dialTLS,
        }
+       sessionCache = tls.NewLRUClientSessionCache(1024)
 
        CmdDWebP = "dwebp"
        CmdDJXL  = "djxl"
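Review bot: The new package-level `sessionCache` carries no comment, and the bare `1024` gives no hint of what is being bounded; since this cache is shared by every host the proxy dials and it is what makes the `resumed` path in `dialTLS` possible, a one-line note would help the next reader: `// sessionCache is the process-wide TLS client session cache (LRU, up to 1024 entries) that dialTLS hands to every tls.Config so that sessions can be resumed.` The enclosing `var (` block starts and ends outside this hunk.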
@@ -60,6 +61,7 @@ func dialTLS(ctx context.Context, network, addr string) (net.Conn, error) {
                ) error {
                        return verifyCert(host, nil, rawCerts, verifiedChains)
                },
+               ClientSessionCache: sessionCache,
        }
        conn, dialErr := tls.Dial(network, addr, &cfg)
        if dialErr != nil {
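Review bot: Wiring `ClientSessionCache` into this config means `verifyCert` is no longer run on every connection, because Go's crypto/tls does not call `VerifyPeerCertificate` for a resumed handshake (only `VerifyConnection` runs in that case, as far as the Go 1.17-era implementation goes — worth confirming against the toolchain in use). Resumption requires the server to hold the secret from the original, fully verified handshake, so this is not a bypass, but a trust decision that changes afterwards — a pinned key removed from the TOFU store, or a DANE-EE record that no longer matches — will not take effect for that host until its cached session expires or is evicted from the LRU. If the per-visit check is meant to apply to resumed connections too, `VerifyConnection` is the hook that fires in both cases (it receives `cs.PeerCertificates`, from which the raw DER can be taken via `.Raw`); otherwise a comment on the new line should state the trade-off, e.g. `// ClientSessionCache: resumed handshakes skip VerifyPeerCertificate/verifyCert; the session was verified at its original full handshake.` The `dialTLS` function begins before and continues after this hunk.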
@@ -81,13 +83,17 @@ func dialTLS(ctx context.Context, network, addr string) (net.Conn, error) {
                }
        }
        connState := conn.ConnectionState()
-       sinkTLS <- fmt.Sprintf(
+       msg := fmt.Sprintf(
                "%s\t%s %s\t%s",
                strings.TrimSuffix(addr, ":443"),
                ucspi.TLSVersion(connState.Version),
                tls.CipherSuiteName(connState.CipherSuite),
                spkiHash(connState.PeerCertificates[0]),
        )
+       if connState.DidResume {
+               msg += "\tresumed"
+       }
+       sinkTLS <- msg
        return conn, nil
 }
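Review bot: On the `DidResume` branch the SPKI hash emitted to `sinkTLS` is computed from the certificate that crypto/tls restores from the session cache, not from one the server presented and `verifyCert` checked during this handshake, so a `resumed` entry in the sink should not be read as evidence of a fresh TOFU/DANE check. A comment on the new branch would make that explicit: `// resumed: the cert/SPKI logged above is the cached one; verifyCert did not run for this connection`. The `PeerCertificates[0]` index predates this change, so I am not raising it here.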