Skip to main content

Module session_cache

Module session_cache 

Source
Available on crate feature std only.
Expand description

0-RTT Session Resumption

Analogous to TLS session tickets / QUIC 0-RTT:

  • First connection: a full PQC handshake establishes the session and stores a ResumptionTicket (server-side) keyed by session_id.
  • Later connection: the client presents the ticket’s session id + binder, and the server can accept 0-RTT early-data folded into the first ClientHello.

Each ticket is single-use (SessionCache::try_resume / SessionCache::remove consume it), the anti-replay guarantee for 0-RTT early-data. Forward secrecy of the post-handshake session always comes from the fresh hybrid KEM run on every connect — never from the long-lived resumption_secret, which only seeds the best-effort early-data key.

A bounded LRU cache (default 64 entries, 1-hour lifetime) caps memory — important for constrained / IoT servers.

Structs§

ResumptionTicket
Resumption ticket — stored after a successful handshake. Single-use: SessionCache::try_resume removes the ticket on the first lookup, which is the one-shot anti-replay guarantee for 0-RTT early-data (Phase 4.1).
SessionCache
LRU Session Cache with eviction

Type Aliases§

SessionId
Session ID type