Hi. Am 15.02.2018 um 22:42 schrieb Christopher Lane: > Internally, my company uses pregenerated SSL sessions.
Just for my curiosity what is a "pregenerated SSL session" ? What's the use case for this? > I am thinking > about maybe changing haproxy to load and use our sessions. Would there > be interest in some sort of opensource change to allow session loading > as some easy extension/config for haproxy. Like some config > > ssl_get_sessions_from_exe=custom_session_emitter > where custom_session_emitter writes the appropriate ASN1/PEM session > data or some such? > > Or > > ssl_get_sessions_from_file=sessions.pem > > (less good because we encrypt the session data on disk). > > If not, I'll just strive to make my patches clean against the tree, but > if so, I'm happy to contribute the interface. (As far as I can tell, > not many places are using pregenerated sessions, but to do save a lot of > latency). Do you need to handle the session dynamically or only at startup time? > --Chris Nevertheless sounds interesting. Best regards aleks
