Thanks. I didn't know about this. This will be helpful.

I am specifically looking for enabling TLS session resumptions though. Resuming the session with session IDs stored in a cache at server side (the general process of an abbreviated handshake).

On Feb 19, 2016 7:50 PM, "Arne Schwabe" <a...@rfc2549.org> wrote:
> On 19.02.16 at 15:00, Shubham Chauhan wrote:
> > Thank you for such a quick reply.
> >
> > I agree that VPN sessions and SSL sessions are not necessarily the same.
> > Let me be more specific with my question for a better discussion.
> >
> > In an active OpenVPN session, at regular intervals, a full SSL
> > handshake takes place (because the SSL session expires). I checked
> > this by capturing packets with "openvpn && ssl" filter.
> > In my implementation I don't want those regular full SSL negotiations
> > to take place.
> > It should ideally check if the SSL session key or the session context
> > is present in the cache (or some storage place), and if it is present,
> > then full handshake should NOT take place. Instead an abbreviated
> > handshake should take place which happens during TLS session resumption.
> > I am looking for changes in the code that can be made to do this task
> > (as minimal as possible).
> >
> > I understand the use of SSL_OP_NO_TICKET by OpenVPN against the triple
> > handshake vulnerability, but my project is really specific and wants
> > some specific functionality, which includes Session Resumptions.
>
> Note that this interval is defined by --reneg-sec and you can disable
> them by setting that to 0.
>
> Arne