On Fri, Sep 11, 2009 at 11:14:18AM +1000, Andrew Sumner wrote:

> Hi David,
>
> Thanks, you've saved me from tons of frustration and wasted time chasing an
> unworkable solution. The proxy idea sounds very promising, I'll check it
> out.

You should be able to cleanly shut down SSL on both sides, and resume in a
new process, provided the application protocol has a clean session
termination phase. For example, implementing an application-level "STOPTLS"
verb that the initiator may request and the responder must confirm, after
which both sides tear down TLS. The connection stays open, and the initiator
may follow up with a "client HELLO" to resume SSL.

--
	Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
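
The STOPTLS exchange described in the reply above, as an added example that is not part of the original post and is not OpenSSL code: it uses Go's crypto/tls over an in-memory `net.Pipe` so that it runs stand-alone, where an OpenSSL program would perform the teardown step with `SSL_shutdown()`. The `STOPTLS`/`OK` wording, the `second session` line, the throwaway certificate and the names `teardown` and `Demo` are assumptions made for the demo.

```go
package main

import (
	"bufio"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// teardown ends TLS, keeps the transport: initiator alerts first, nobody writes until the peer's alert is read.
func teardown(tc *tls.Conn, raw net.Conn, initiator bool) error {
	if initiator {
		tc.CloseWrite() // sends close_notify
	}
	if _, err := tc.Read(make([]byte, 1)); err != io.EOF { // io.EOF means close_notify arrived
		return fmt.Errorf("expected close_notify, got %v", err)
	}
	tc.CloseWrite()                     // responder answers here; no-op for the initiator, which already sent
	return raw.SetDeadline(time.Time{}) // crypto/tls leaves an expired write deadline behind
}

func Demo() (string, error) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // throwaway identity, constructed for the demo
	t := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, pub, key)
	scfg := &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}, SessionTicketsDisabled: true}
	ccfg := &tls.Config{InsecureSkipVerify: true} // demo only: nothing anchors the cert above
	raw, peer := net.Pipe()                       // unbuffered stand-in for the TCP connection (hence no session tickets)
	go func() {                                   // responder
		tc := tls.Server(peer, scfg)
		if s, _ := bufio.NewReader(tc).ReadString('\n'); s == "STOPTLS\n" {
			fmt.Fprint(tc, "OK\n")
			teardown(tc, peer, false)
			fmt.Fprint(tls.Server(peer, scfg), "second session\n")
		}
	}()
	tc := tls.Client(raw, ccfg) // initiator
	fmt.Fprint(tc, "STOPTLS\n")
	if s, _ := bufio.NewReader(tc).ReadString('\n'); s != "OK\n" || teardown(tc, raw, true) != nil {
		return "", fmt.Errorf("STOPTLS was not confirmed or TLS did not close cleanly")
	}
	return bufio.NewReader(tls.Client(raw, ccfg)).ReadString('\n') // fresh ClientHello, same connection
}
func main() { fmt.Println(Demo()) }
```

Production code would verify the peer certificate instead of setting `InsecureSkipVerify`, and would hand the still-open connection to the new process between the teardown and the second handshake.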