On 19.02.16 at 15:00, Shubham Chauhan wrote:
> Thank you for such a quick reply.
>
> I agree that VPN sessions and SSL sessions are not necessarily the same.
> Let me be more specific with my question for a better discussion.
>
> In an active OpenVPN session, at regular intervals, a full SSL
> handshake takes place (because the SSL session expires). I checked
> this by capturing packets with "openvpn && ssl" filter.
> In my implementation I don't want those regular full SSL negotiations
> to take place.
> It should ideally check if the SSL session key or the session context
> is present in the cache (or some storage place), and if it is present,
> then full handshake should NOT take place. Instead an abbreviated
> handshake should take place which happens during TLS session resumption.
> I am looking for changes in the code that can be made to do this task
> (as minimal as possible).
>
> I understand the use of SSL_OP_NO_TICKET by OpenVPN against the triple
> handshake vulnerability, but my project is really specific and wants
> some specific functionality, which includes Session Resumptions.
>

Note that this interval is defined by --reneg-sec and you can disable them by setting that to 0.

Arne