Add support of TLS session tickets with KES server (#14577)

Reduce overhead for communication between MinIO server and KES server.
Anis Elleuch 2022-03-18 23:14:10 +01:00 committed by GitHub
parent 61eb9d4e29
commit b20ecc7b54
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -27,6 +27,10 @@ import (
"github.com/minio/kes" "github.com/minio/kes"
) )
const (
tlsClientSessionCacheSize = 100
)
// Config contains various KMS-related configuration // Config contains various KMS-related configuration
// parameters - like KMS endpoints or authentication // parameters - like KMS endpoints or authentication
// credentials. // credentials.
@ -59,9 +63,10 @@ func NewWithConfig(config Config) (KMS, error) {
copy(endpoints, config.Endpoints) copy(endpoints, config.Endpoints)
client := kes.NewClientWithConfig("", &tls.Config{ client := kes.NewClientWithConfig("", &tls.Config{
MinVersion: tls.VersionTLS12, MinVersion: tls.VersionTLS12,
Certificates: []tls.Certificate{config.Certificate}, Certificates: []tls.Certificate{config.Certificate},
RootCAs: config.RootCAs, RootCAs: config.RootCAs,
ClientSessionCache: tls.NewLRUClientSessionCache(tlsClientSessionCacheSize),
}) })
client.Endpoints = endpoints client.Endpoints = endpoints
return &kesClient{ return &kesClient{
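Review bot: The new `ClientSessionCache` field in `NewWithConfig` turns on session resumption while `MinVersion` stays at `tls.VersionTLS12`, and neither that field nor `tlsClientSessionCacheSize` has a comment recording the trade-off. On a resumed session the certificate in `Certificates` is not exchanged again, so KES acts on the identity established in the original full handshake. For TLS 1.2 ticket resumption, the secrecy of resumed traffic also depends on how the KES side protects and rotates its ticket keys, which this hunk does not show. I would document this on the constant, e.g. `// tlsClientSessionCacheSize bounds the TLS sessions cached for resumption with KES; resumed sessions skip the mTLS certificate exchange.`, and confirm that the server-side ticket lifetime fits the client certificate rotation policy. The body of `NewWithConfig` starts and ends outside the hunk.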