Hey,
I wanted to store sessions to a file (on the server side), every time a
session is negotiated, and then eventually read that file for the presence
of a particular session. If the session is present, I would like to do an
abbreviated handshake, i.e. session resumption.
So, basically maintaini
On Mon, Aug 11, 2014 at 6:00 PM, Viktor Dukhovni wrote:
> No, generally you re-use previously generated keys, otherwise you
> lose much of the advantage of "stateless resumption". However,
> along with each keyset you associated some suitable TTL, and you
> stop signing new sessions with a keyset
On Mon, Aug 11, 2014 at 05:13:00PM +0200, DEXTER wrote:
> > Session tickets should NOT be stored on the server side, only the
> > encryption keys are stored, these should be rotated from time to
> > time. Postfix rotates the encryption keys once an hour, but stores
> > two sets of keys, the prev
On Mon, Aug 11, 2014 at 4:09 PM, Viktor Dukhovni wrote:
> Salt the session lookup key with all destination-specific and
> security-relevant parameters. The Postfix SMTP client uses:
>
> ip, port, destination domain, mx hostname, server helo name,
> protocol mask (SSL_OP_NO_SSLv2 | ...), c
On Mon, Aug 11, 2014 at 01:48:34PM +0200, DEXTER wrote:
> 1. If I want session caching on the client side, I have to store the
> session manually, to be able to retrieve it when the client connects
> to a server and use SSL_set_session() with the stored session.
Correct so far.
> The question i
Hi,
I have two questions about how openssl handles session caching.
1.
If I want session caching on the client side, I have to store the
session manually, to be able to retrieve it when the client connects
to a server and use SSL_set_session() with the stored session.
The question is, how should
ther implementations of a session cache still the
best route?
Any advice is appreciated,
Scott.
Ignore this - was not using v3, sorry.
Greetings,
I recently ran into an issue where the user-defined session cache
functions are not being called. I had a look at latest snapshot running
openssl s_server -ext_cache which also seems to exhibit the problem.
The problem seems to be in ssl/ssl_sess.c around line 457:
r
above behavior ( empty session id ) is found with i.e openssl
> 0.9.8j
> > and openssl 0.9.8k. i verified with other version 0.9.8g , 0.9.8h ,
> 0.9.8i
> > works fine.
> >
> > It seems server side is not sending the session id as part of the initial
> > hell
n 0.9.8g , 0.9.8h , 0.9.8i
> works fine.
>
> It seems server side is not sending the session id as part of the initial
> hello, and as a result, the session caching is not working. When there is no
> session id, client simply discards that session and not cache it.
>
> Does an
Hi,
Below are the steps to reproduce the issue with openssl 0.9.8k
Server ::
./openssl s_server -cert server.pem
Client ::
./openssl s_client -debug -msg -state -sess_out /tmp/session.out
In the above case when we write the session to session.out , the output
shows the session id :
Hi,
Can I share session cache between two processes that each create its own
SSL_CONTEXT? The two process then simply call
SSL_CTX_set_session_id_context() passing the same sid_ctx?
The following paragraph in the documentation seems to indicate that this
is not safe. Is this true?
http
Hello all!
I spent the weekend investigating why my server does not cache client sessions in memory cache ;)).
The result was that the server does NOT cache sessions if it doesn't get a close notify from the client.
So to make it work, one needs either to make a graceful disconnect or define received shutdown fla
Hello,
I have to develop a simple ssl client. Currently, it works, but to
improve performance, I try to understand the session cache client mechanism.
Here is what I have understood. Can someone tell me if I'm right?
After looking in the man page, I see that cache should be enabled with
* Nadav Har'El ([EMAIL PROTECTED]) wrote:
> > The ideal thing for openssl would be to wait until we have a good
> > opportunity to well and truly ignore backwards compatibility and then
> > just uproot the entire caching interface and replace it with something
>
> I understand that backward compat
On Wed, Mar 26, 2003, Geoff Thorpe wrote about "Re: SSL_CTX_free messes with external
session cache":
> IMHO, you're probably better off in the mean time disabling the internal
> caching altogether and implement a coherent model entirely from the
> external callbacks - t
Hi,
* Nadav Har'El ([EMAIL PROTECTED]) wrote:
> Hi,
>
> I noticed that SSL_CTX_free() takes all the sessions in the given CTX's
> internal session cache, and also removes them from the external session cache
> (i.e., calls the delete-session callback).
>
> Why wa
On Wed, Mar 26, 2003, Lutz Jaenicke wrote about "Re: SSL_CTX_free messes with external
session cache":
> Hmm. I extensively use external session caching. But I never call
> SSL_CTX_free(), as my application will terminate in this moment anyway,
> so this oddity went by unno
On Wed, Mar 26, 2003 at 08:25:10PM +0200, Nadav Har'El wrote:
> I noticed that SSL_CTX_free() takes all the sessions in the given CTX's
> internal session cache, and also removes them from the external session cache
> (i.e., calls the delete-session callback).
[Analysis delete
Hi,
I noticed that SSL_CTX_free() takes all the sessions in the given CTX's
internal session cache, and also removes them from the external session cache
(i.e., calls the delete-session callback).
Why was this done? I can't think of a security or a logical explanation to
this, bec
On Mon, Jan 20, 2003 at 06:40:46PM -0800, Tim Xex wrote:
> The man page for SSL_CTX_sess_set_cache_size() says:
>
> "When the maximum number of sessions is reached, no
> more new sessions are added to the cache. New space
> may be added by calling SSL_CTX_flush_sessions(3) to
> remove expired sess
The man page for SSL_CTX_sess_set_cache_size() says:
"When the maximum number of sessions is reached, no
more new sessions are added to the cache. New space
may be added by calling SSL_CTX_flush_sessions(3) to
remove expired sessions."
Is this really true? It appears from the code
(0.9.6g) that
On 09/08/01 01:04 PM, Lutz Jaenicke sat at the `puter and typed:
> On Fri, Sep 07, 2001 at 05:39:52PM -0400, Louis LeBlanc wrote:
> > Now I have another problem. In trying to call
> > SSL_CTX_flush_sessions(ssl_ctx, time(0));
> >
> > I am being blessed with a core dump.
>
> [output deleted]
>
On Fri, Sep 07, 2001 at 05:39:52PM -0400, Louis LeBlanc wrote:
> Now I have another problem. In trying to call
> SSL_CTX_flush_sessions(ssl_ctx, time(0));
>
> I am being blessed with a core dump.
[output deleted]
> I could be wrong, but I think that negative value on the timeout is a
> bad thi
On 09/07/01 08:59 PM, Lutz Jaenicke sat at the `puter and typed:
> I'll be very careful with my answer, as I don't program with threads myself.
> SSL_get1_session() will increment the reference counter, so that when
> the session would be removed otherwise, it will stay available.
> If you call SS
On Fri, Sep 07, 2001 at 12:52:55PM -0400, Louis LeBlanc wrote:
> On 09/07/01 12:03 AM, Lutz Jaenicke sat at the `puter and typed:
> > On Thu, Sep 06, 2001 at 03:16:17PM -0400, Louis LeBlanc wrote:
> > By using SSL_get1_session() the reference count is incremented and therefore
> > the sessions wil
e concurrently) to a single server:
SSL session cache stats:
13 items in the session cache.
14 client connects (SSL_connect()).
14 client connects that finished.
0 client renegotiatations requested.
1 session cache hits.
0 session cache misses.
On Fri, Nov 17, 2000 at 06:06:16PM +0100, Carlos Vicente wrote:
> Anyway, using SDBM and disk caching seems a little bit too complicated
> for my app.
That depends on your app. My application needs to share the information
between independent processes. If you only have one process you may be
bet
On Thu, Nov 16, 2000 at 04:30:53PM +0100, Carlos Vicente wrote:
> I would like to implement session caching in my ssl client.
> Someone mentioned one could use functions d2i/id2_SSL_SESSION() for
> this, but I have no idea how to use them and don't understand the code.
> Could someone explain this
I would like to implement session caching in my ssl client.
Someone mentioned one could use functions d2i/id2_SSL_SESSION() for
this, but I have no idea how to use them and don't understand the code.
Could someone explain this a little bit, or point to some working code
that I could use as an exam
On Mon, Jun 12, 2000 at 04:43:27PM -0700, Arun Venkataraman wrote:
> * By default, how many sessions are cached? Is this number configurable?
SSL_CTX_sess_set_cache_size()
> * What is the approximate memory overhead per session entry in the cache?
That depends on the certificates. For a session
Hello,
I am developing a server side SSL application. I know that you can minimise
renegotiation of SSL connections by using a session cache, which basically
stores info about previously negotiated connections. I also know that the
session-cache timeout is a configurable value.
* By default, how
34 matches