From 5a315d38a92791d3ab6f7bd4978295c5591041c8 Mon Sep 17 00:00:00 2001
From: link2xt
Date: Thu, 7 Nov 2024 19:22:19 +0000
Subject: [PATCH] feat: TLS session resumption
---
 src/net/tls.rs | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/src/net/tls.rs b/src/net/tls.rs
index e8a62d11ab..0ab96be947 100644
--- a/src/net/tls.rs
+++ b/src/net/tls.rs
@@ -2,9 +2,12 @@ use std::sync::Arc;
 use anyhow::Result;
+use once_cell::sync::Lazy;
 use crate::net::session::SessionStream;
+use tokio_rustls::rustls::client::ClientSessionStore;
+
 pub async fn wrap_tls(
 strict_tls: bool,
 hostname: &str,
@@ -30,6 +33,13 @@ pub async fn wrap_tls(
 }
 }
+// This is the default as of version 0.23.16, but make it shared between clients.
+static RESUMPTION_STORE: Lazy> = Lazy::new(|| {
+ Arc::new(tokio_rustls::rustls::client::ClientSessionMemoryCache::new(
+ 256,
+ ))
+});
+
 pub async fn wrap_rustls(
 hostname: &str,
 alpn: &[&str],
@@ -43,6 +53,14 @@ pub async fn wrap_rustls(
 .with_no_client_auth();
 config.alpn_protocols = alpn.iter().map(|s| s.as_bytes().to_vec()).collect();
+ // Enable TLS 1.3 session resumption.
+ //
+ // TLS 1.2 has worse security,
+ // not risking it:
+ let resumption = tokio_rustls::rustls::client::Resumption::store(Arc::clone(&RESUMPTION_STORE))
+ .tls12_resumption(tokio_rustls::rustls::client::Tls12Resumption::Disabled);
+ config.resumption = resumption;
+
 let tls = tokio_rustls::TlsConnector::from(Arc::new(config));
 let name = rustls_pki_types::ServerName::try_from(hostname)?.to_owned();
 let tls_stream = tls.connect(name, stream).await?;
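Review bot: The comment above `RESUMPTION_STORE` explains why the value matches the rustls default but not what sharing it means for callers: a single 256-entry in-memory cache is used by every connector this process builds, and the cached resumption secrets stay in memory until evicted. I would replace it with `// One process-wide resumption cache (256 entries, the rustls 0.23.16 default size) shared by every ClientConfig built in wrap_rustls; entries live in memory until evicted.` so the next reader knows the store outlives any single connection. As rendered, `Lazy> = Lazy::new(...)` has lost its type argument — presumably `Lazy<Arc<dyn ClientSessionStore>>`, given the import in the first hunk — so it is worth confirming that the page rendering, not the commit, dropped it. If the crate's MSRV allows it, `std::sync::LazyLock` would avoid the `once_cell` dependency added in the first hunk; I cannot tell the MSRV from this diff.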
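Review bot: Because `RESUMPTION_STORE` is a process-wide static and `ClientSessionMemoryCache` keys entries by server name, a session cached by one `ClientConfig` can be resumed by a different `ClientConfig` for the same host without a fresh certificate check; if `wrap_rustls` can be built with differing verification settings (its signature continues outside the hunk, and `wrap_tls` takes a `strict_tls` flag), that would let a lax configuration's session be resumed under a strict one. Either give each distinct verifier its own store or state in the comment that all configurations using this store share one verifier. The comment `// TLS 1.2 has worse security, not risking it:` is too vague to justify the setting; I would write `// Restrict resumption to TLS 1.3: a resumed TLS 1.2 session reuses the old master secret instead of running a fresh key exchange.`. The temporary `resumption` binding can also go: `config.resumption = tokio_rustls::rustls::client::Resumption::store(Arc::clone(&RESUMPTION_STORE)).tls12_resumption(tokio_rustls::rustls::client::Tls12Resumption::Disabled);`.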