On Sun, Jan 17, 2010 at 01:06:12PM +0100, Dr. Stephen Henson wrote:
> That sounds like the server name indication (SNI) extension which OpenSSL
> supports already.

Except that the client probably does not have a handy name to distinguish
the two servers. Another approach is for the servers to generate session
ids that contain one or two static bytes that uniquely identify the server
(among those sharing the same IP, ...) and for clients to resume sessions
when they need to continue communicating with the original server they
reached.

Some load-balancers automatically do "ssl-sticky" connection management,
where a resumed session is always directed to the same physical server
with which it was first established.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
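The scheme described in this message, as an added example that is not part of the original post and not OpenSSL code: a server builds session ids with a static tag at the front, and a balancer reads that tag from the ClientHello to pick the backend. The 2-byte prefix layout, the function names and the sample record are assumptions made for the illustration, and the ClientHello is assumed to arrive in a single TLS record.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SID_LEN 32 /* maximum TLS session id length */
#define TAG_LEN 2  /* assumed layout: 2-byte server tag at the front */

/* Server side: tag, then SID_LEN - TAG_LEN bytes the caller drew from a CSPRNG. */
void make_session_id(uint16_t tag, const unsigned char *rnd, unsigned char *sid)
{
    sid[0] = (unsigned char)(tag >> 8);
    sid[1] = (unsigned char)tag;
    memcpy(sid + TAG_LEN, rnd, SID_LEN - TAG_LEN);
}

/* Balancer side: return the tag from a ClientHello's session id, or -1 when
 * none is offered (new session) or the record is truncated or malformed. */
int route_client_hello(const unsigned char *rec, size_t len)
{
    if (len < 5 || rec[0] != 0x16)          /* record: type ver(2) len(2) */
        return -1;
    size_t rec_len = ((size_t)rec[3] << 8) | rec[4];
    const unsigned char *hs = rec + 5;      /* type len(3) ver(2) random(32) sid_len */
    if (rec_len > len - 5 || rec_len < 39 || hs[0] != 0x01)
        return -1;
    size_t sid_len = hs[38];
    if (sid_len < TAG_LEN || sid_len > SID_LEN || rec_len < 39 + sid_len)
        return -1;
    return (hs[39] << 8) | hs[40];
}

/* Constructed sample input: minimal TLS 1.0 ClientHello offering sid
 * (sid_len <= SID_LEN). out needs 50 + sid_len bytes; returns the record length. */
size_t build_sample_hello(const unsigned char *sid, size_t sid_len, unsigned char *out)
{
    size_t body = 2 + 32 + 1 + sid_len + 6; /* ver, random, sid, suites, compression */
    unsigned char *p = out + 44 + sid_len;  /* first byte after the session id */
    memset(out, 0, 9 + body);
    out[0] = 0x16; out[1] = 3; out[2] = 1;  /* handshake record, TLS 1.0 */
    out[4] = (unsigned char)(4 + body);     /* record length (fits one byte here) */
    out[5] = 0x01; out[8] = (unsigned char)body; /* ClientHello and its length */
    out[9] = 3; out[10] = 1;                /* client_version; random stays zero */
    out[43] = (unsigned char)sid_len;
    memcpy(out + 44, sid, sid_len);
    p[1] = 2; p[3] = 0x2f;                  /* one cipher suite, 0x002f */
    p[4] = 1;                               /* one compression method, null */
    return 9 + body;
}
```

The session id travels in cleartext and the client can put any value there, so the tag is only a routing hint: on -1 or an unknown tag the balancer falls back to its normal selection, and the chosen server still decides whether the session actually resumes.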