620401f193
After Gmail called out the typo I fixed on
532d89a866, I've decided to paste the
whole man page into Google docs and check what other issues it would
spot.
I know, it sounds silly, but I've just spent the last hour and a half
going over each one of them and fixing everything which was a true
finding and non-controversial.
Closes #17480
1.3 KiB
| c | SPDX-License-Identifier | Long | Arg | Protocols | Help | Added | Category | Multi | See-also | Example | ||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. | curl | ssl-sessions | <filename> | TLS | Load/save SSL session tickets from/to this file | 8.12.0 | tls | single |
|
|
--ssl-sessions
Use the given file to load SSL session tickets into curl's cache before starting any transfers. At the end of a successful curl run, the cached SSL sessions tickets are saved to the file, replacing any previous content.
The file does not have to exist, but curl reports an error if it is unable to create it. Unused loaded tickets are saved again, unless they get replaced or purged from the cache for space reasons.
Using a session file allows --tls-earlydata to send the first request
in "0-RTT" mode, should an SSL session with the feature be found. Note that
a server may not support early data. Also note that early data does
not provide forward secrecy, e.g. is not as secure.
The SSL session tickets are stored as base64 encoded text, each ticket on its own line. The hostnames are cryptographically salted and hashed. While this prevents someone from easily seeing the hosts you contacted, they could still check if a specific hostname matches one of the values.