SetSessionTicketKeys updates the session ticket keys for a server. The first key will be used when creating new tickets, while all keys can be used for decrypting tickets. It is safe to call this function while the server is running in order to rotate the session ticket keys. The function will panic if keys is empty.
(keys [][32]byte)
| 1133 | // previously recorded and future TLS connections using those keys might be |
| 1134 | // compromised. |
func (c *Config) SetSessionTicketKeys(keys [][32]byte) {
	// At least one key is required: the first key is the one used when
	// creating new tickets, so an empty set is rejected with a panic.
	n := len(keys)
	if n == 0 {
		panic("tls: keys must have at least one key")
	}

	// Convert every raw 32-byte key up front, before taking the lock, so the
	// critical section below is only the slice swap.
	derived := make([]ticketKey, n)
	for i := range keys {
		derived[i] = c.ticketKeyFromBytes(keys[i])
	}

	// Replace the whole key set in a single assignment under c.mutex; keys
	// that are no longer in the slice are dropped from c.sessionTicketKeys.
	c.mutex.Lock()
	defer c.mutex.Unlock()
	c.sessionTicketKeys = derived
}
| 1149 | |
| 1150 | func (c *Config) rand() io.Reader { |
| 1151 | r := c.Rand |