Hi, I have two questions about how openssl handles session caching.
1. If I want session caching on the client side, I have to store the session manually, to be able to retrieve it when the client connects to a server and use SSL_set_session() with the stored session. The question is, how should I store the session when the client also uses SNI? Without SNI I could just use ip:port. But when SNI is in use, it can happen that although the client connects to the same ip:port, it will be a completely different SSL connection (because a load balancer rerouted the connection, or it was an Apache vhost). So should I always use ip:port-sni to store the session, or what is recommended here?

2. When you use SSL_CTX_set_tlsext_ticket_key_cb (on the server side) to set a callback to use session tickets, and you store those tickets in your own cache, how do you make sure the cache will be emptied regularly (to erase expired tickets)? Does openssl call this cb when it's flushing its own cache, or must the user take care to empty their own cache regularly?

Thanks.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
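Added example, not part of the original post and not OpenSSL code: a client-side cache keyed on the ip:port-sni string from question 1, so two SNI names behind one address never share a stored session, with entries dropped once their lifetime has passed. The names cache_put and cache_get, the fixed-size table and the caller-supplied TTL are assumptions for illustration, and void * stands in for SSL_SESSION * so the code compiles without OpenSSL headers.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>
#define SLOTS 64
#define KEYLEN 320

/* Assumption: in a real client `session` is an SSL_SESSION * taken with
 * SSL_get1_session(); void * keeps this example free of OpenSSL headers. */
struct entry { char key[KEYLEN]; void *session; time_t expires; };
static struct entry cache[SLOTS];

/* Key = "ip:port-sni". The IP literal and port contain no '-', so the first
 * '-' always separates them from the SNI name. No SNI gives "ip:port-". */
static int make_key(char *out, size_t n, const char *ip, int port, const char *sni)
{
    int len = snprintf(out, n, "%s:%d-%s", ip, port, sni ? sni : "");
    return (len < 0 || (size_t)len >= n) ? -1 : 0;   /* reject truncated keys */
}

/* Store (or replace) the session for this ip:port-sni; returns 0 on success. */
int cache_put(const char *ip, int port, const char *sni, void *session,
              time_t now, long ttl)
{
    char key[KEYLEN];
    struct entry *slot = NULL;
    if (make_key(key, sizeof key, ip, port, sni) != 0) return -1;
    for (int i = 0; i < SLOTS; i++) {
        if (cache[i].session && strcmp(cache[i].key, key) == 0) { slot = &cache[i]; break; }
        if (!slot && (!cache[i].session || cache[i].expires <= now)) slot = &cache[i];
    }
    if (!slot) return -1;        /* table full: caller just does a full handshake */
    /* a real client would SSL_SESSION_free() whatever the slot held before */
    strcpy(slot->key, key);
    slot->session = session;
    slot->expires = now + ttl;
    return 0;
}

/* Return the live session for ip:port-sni, or NULL; expired entries are dropped. */
void *cache_get(const char *ip, int port, const char *sni, time_t now)
{
    char key[KEYLEN];
    if (make_key(key, sizeof key, ip, port, sni) != 0) return NULL;
    for (int i = 0; i < SLOTS; i++) {
        if (!cache[i].session || strcmp(cache[i].key, key) != 0) continue;
        if (cache[i].expires > now) return cache[i].session; /* for SSL_set_session() */
        cache[i].session = NULL;  /* expired: SSL_SESSION_free() in a real client */
    }
    return NULL;
}
```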