On Tue, Jan 30, 2001 at 11:48:07PM +0100, [EMAIL PROTECTED] wrote:
> I seem to be haing a proble with Session Cachin.
>
> I am client onnecting to a HTTP Server which I can not see to get
> session caching going for.
>
> I know that the SSL Server has some quirks and is not u to SPEC.
>
> I use an IAIK SSL implementation under JAVA and know that If I want to
> perform sesion caching with this SSL Server, I need to call a function
> in the SSL_Context to turn on Session caching for closed sessions:
>
> "cache terminated sessions: A boolean value determining whether or not
> to resume sessions that have not been properly shutdown. Per spec this
> should not be done, this exists only to improve performance when
> communicating with bad server implementations."
>
> Is there something like this that I can trun on in OpenSSL (0.9.6)
I am not sure that I understand your request properly.
* You are working on a _client_ using OpenSSL (connecting to some SSL
server making you trouble).
* On this client you want to use session caching.
+ Are you aware the client side sessions are not cached automatically but
that the caching must be explicitly enable with
SSL_set_session_cache_mode(ctx,mode)
and mode being either SSL_SESS_CACHE_CLIENT (for pure client) or
SSL_SESS_CACHE_BOTH (for mixed applications).
+ Are you aware that even a cached session is not automatically reused for
the next SSL_connect() but that you have to call SSL_set_session()
explicitly?
- Once you have taken care of before-mentioned points there may be the
point you mentioned before. I do see two possibilities:
- extract the session before terminating and store it seperatly.
I do use this approach for Postfix/TLS (not for the reason mentioned
but for persistent storage).
- the "correct" closing happens when SSL_shutdown() is being called.
The necessary flag is set whether or not SSL_shutdown() could notify
the peer or not, so the behaviour of the peer should not matter.
(I just cross checked in the source code, did not verify it myself,
but it should work this way :-)
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
