feat: add TLS session cache for conn resumption

Automatically configure TLS `ClientSessionCache`
on HTTP transports to enable session ticket reuse.
This reduces TLS handshake overhead from 2-RTT to
1-RTT on reconnection and avoids repeated
asymmetric crypto ops.

Default cache size is 1024 entries per transport.
Configurable via `Options.TLSSessionCacheSize`.

Closes #506.

Signed-off-by: Dwi Siswanto <[email protected]>

Author: dwisiswant0

client.go

@@ -63,30 +63,36 @@ type Options struct {
 	HttpClient *http.Client
 	// Trace enables tracing of the HTTP request
 	Trace bool
+	// TLSSessionCacheSize specifies the size of the TLS session cache.
+	//
+	// If less than or equal to zero, defaults to 1024.
+	TLSSessionCacheSize int
 }
 
 // DefaultOptionsSpraying contains the default options for host spraying
 // scenarios where lots of requests need to be sent to different hosts.
 var DefaultOptionsSpraying = Options{
-	RetryWaitMin:    1 * time.Second,
-	RetryWaitMax:    30 * time.Second,
-	Timeout:         30 * time.Second,
-	RetryMax:        5,
-	RespReadLimit:   4096,
-	KillIdleConn:    true,
-	NoAdjustTimeout: true,
+	RetryWaitMin:        1 * time.Second,
+	RetryWaitMax:        30 * time.Second,
+	Timeout:             30 * time.Second,
+	RetryMax:            5,
+	RespReadLimit:       4096,
+	KillIdleConn:        true,
+	NoAdjustTimeout:     true,
+	TLSSessionCacheSize: 1024,
 }
 
 // DefaultOptionsSingle contains the default options for host bruteforce
 // scenarios where lots of requests need to be sent to a single host.
 var DefaultOptionsSingle = Options{
-	RetryWaitMin:    1 * time.Second,
-	RetryWaitMax:    30 * time.Second,
-	Timeout:         30 * time.Second,
-	RetryMax:        5,
-	RespReadLimit:   4096,
-	KillIdleConn:    false,
-	NoAdjustTimeout: true,
+	RetryWaitMin:        1 * time.Second,
+	RetryWaitMax:        30 * time.Second,
+	Timeout:             30 * time.Second,
+	RetryMax:            5,
+	RespReadLimit:       4096,
+	KillIdleConn:        false,
+	NoAdjustTimeout:     true,
+	TLSSessionCacheSize: 1024,
 }
 
 // NewClient creates a new Client with default settings.
@@ -105,6 +111,11 @@ func NewClient(options Options) *Client {
 		return nil
 	}
 
+	if options.HttpClient == nil && options.TLSSessionCacheSize > 0 {
+		applyTLSSessionCache(httpclient, options.TLSSessionCacheSize)
+		applyTLSSessionCache(httpclient2, options.TLSSessionCacheSize)
+	}
+
 	var retryPolicy CheckRetry
 	var backoff Backoff
 

http.go

@@ -41,6 +41,7 @@ func DefaultReusePooledTransport() *http.Transport {
 		MaxIdleConnsPerHost:    100,
 		MaxResponseHeaderBytes: 4096, // net/http default is 10Mb
 		TLSClientConfig: &tls.Config{
+			ClientSessionCache: tls.NewLRUClientSessionCache(1024),
 			Renegotiation:      tls.RenegotiateOnceAsClient, // Renegotiation is not supported in TLS 1.3 as per docs
 			InsecureSkipVerify: true,
 			MinVersion:         tls.VersionTLS10,
@@ -76,6 +77,19 @@ func DefaultPooledClient() *http.Client {
 	}
 }
 
+// applyTLSSessionCache configures the TLS session cache size for an
+// [http.Client].
+//
+// It only applies if the client has an [http.Transport] with a
+// TLSClientConfig.
+func applyTLSSessionCache(client *http.Client, size int) {
+	if transport, ok := client.Transport.(*http.Transport); ok {
+		if transport.TLSClientConfig != nil {
+			transport.TLSClientConfig.ClientSessionCache = tls.NewLRUClientSessionCache(size)
+		}
+	}
+}
+
 var (
 	fdInit = &sync.Once{}
 	fd     *fastdialer.Dialer