On Thu, May 11, 2006 at 07:54:26PM -0400, Victor Duchovni wrote:

> Is there a way to filter out incompatible sessions via published APIs?
> 
> Are new published APIs to allow cipher id comparisons likely to materialize
> in the future?
> 
> Right now, I may have to build the cipherlist spec into the cache lookup
> key, this will work moderately well in the typical case when most domains
> have the same cipherlist, and the set of override cipherlists is small.
> It is never worse than putting the domain in the lookup key, because
> there is at most one cipherlist per domain, but there can be many domains
> per cipherlist. :-(

FWIW, this is what the code will do, the small number of additional
sessions per IP (scaling with configuration complexity rather than
domain count) is manageable. This better supports absurd, but feasible,
configurations where some domains (served by a common server) must use
weak ciphers and other domains must use strong ciphers.

So I guess I don't have to have ABI supported access to the cipher ids,
for now...

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
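
The lookup-key approach discussed in the message above, as an added example that is not part of the original message and is not the poster's code: a small client-side session cache keyed on server endpoint plus cipherlist spec, so a session negotiated under one cipherlist is never returned for a lookup made under another. The key format, function names, addresses and session strings are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define MAX_SESSIONS 16
#define KEY_LEN 256
/* `session` stands in for a serialized TLS session (constructed placeholder). */
struct entry { char key[KEY_LEN]; char session[64]; };
static struct entry cache[MAX_SESSIONS];
static int n_entries;

/* Key = server endpoint + the cipherlist spec in force for the handshake.
 * The domain is left out on purpose. A truncated key is refused, because
 * two different cipherlists could otherwise collapse to the same key. */
static int make_key(char *out, size_t len, const char *addr, int port,
                    const char *cipherlist)
{
    int n = snprintf(out, len, "%s:%d&ciphers=%s", addr, port, cipherlist);
    return (n > 0 && (size_t)n < len) ? 0 : -1;
}

/* Slot holding `key`, or n_entries when it is not cached. */
static int find(const char *key)
{
    int i = 0;
    while (i < n_entries && strcmp(cache[i].key, key) != 0) i++;
    return i;
}

int cache_store(const char *addr, int port, const char *cipherlist,
                const char *session)
{
    char key[KEY_LEN];
    if (make_key(key, sizeof key, addr, port, cipherlist) != 0) return -1;
    int i = find(key);
    if (i == MAX_SESSIONS) return -1;            /* new key, cache full */
    if (i == n_entries) n_entries++;
    strcpy(cache[i].key, key);                   /* both buffers are KEY_LEN */
    snprintf(cache[i].session, sizeof cache[i].session, "%s", session);
    return 0;
}

const char *cache_lookup(const char *addr, int port, const char *cipherlist)
{
    char key[KEY_LEN];
    if (make_key(key, sizeof key, addr, port, cipherlist) != 0) return NULL;
    int i = find(key);
    return i < n_entries ? cache[i].session : NULL;
}
int cache_count(void) { return n_entries; }
```

Every domain that shares a cipherlist on a given server shares one cache entry, so the entry count per IP follows the number of distinct cipherlists rather than the number of domains.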
