> On Jun 8, 2018, at 4:03 AM, Matt Caswell wrote:
>
> I think new_session_cb and remove_session_cb should work in 1.0.2 on
> clients.
This has worked since before 0.9.8.
--
Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
On 08/06/18 10:18, Angus Robertson - Magenta Systems Ltd wrote:
>> The get_session_cb is only ever called for servers. The
>> new_sesion_cb and remove_session_cb can be called for clients and
>> servers.
>>
>> When you refer to the the "TLSv1.3 notes" do you mean this page?
>> https://wiki.open
> The get_session_cb is only ever called for servers. The
> new_sesion_cb and remove_session_cb can be called for clients and
> servers.
>
> When you refer to the the "TLSv1.3 notes" do you mean this page?
> https://wiki.openssl.org/index.php/TLS1.3
Yes, sorry I should have said SSL_CTX_sess_set
1 manual page still starts 'provide callback functions for
> server side external session caching' with no mention of clients.
Ah, good point. That needs fixing. As I said above the new_session_cb
and remove_session_cb can be called for clients.
>
> I'm updating code
I'm reading the TLSv1.3 notes that suggest SSL_CTX_sess_set_get_cb is
called for both clients and servers, but am confused by the
documentation.
The 1.1.1 manual page still starts 'provide callback functions for
server side external session caching' with no mention of clients.
Hello All,
I am facing some issues in an application after migrating from openssl
0.9.8d to openssl-0.9.8r.
In the current application implementation using openssl 0.9.8d, we use
openssl session cache mechanism on the server side by SSL_SESS_CACHE_SERVER
option for the context. Also, the appl
On Mon, Nov 02, 2009, Paul Suhler wrote:
> Hi, everyone.
>
> I'm trying to enable session caching, but my server doesn't seem to send
> a session ID.
>
OpenSSL supports stateless session resumption which doesn't use session IDs.
Well all apart from the latest snap
Hi, everyone.
I'm trying to enable session caching, but my server doesn't seem to send
a session ID.
According to
http://www.openssl.org/docs/ssl/SSL_CTX_set_session_id_context.html, all
I have to do is invoke SSL_CTX_set_session_id_context() with a pointer
to a string (or binary dat
Hi Stephen,
>
> Is that a bug or is OpenSSL using stateless session resumption? FF also
> supports that. In that case the session cache is not used.
>
It is somehow related to FF 3.5.x! I tried different 3.0.x builds on windows and
debian, as well as an old seamonkey 1.1.14 and it works all tim
On Sun, Jul 19, 2009, Jan F. Schnellbaecher wrote:
> Hi,
>
> I am using 098h with the non default configure option 'enable-tlsext' and
> have a
> problem with the TLS extension servername in conjunction with ssl session
> caching.
>
> It seems that sessions t
Hi,
I am using 098h with the non default configure option 'enable-tlsext' and have a
problem with the TLS extension servername in conjunction with ssl session
caching.
It seems that sessions that contain the SNI extension will not be cached by
openssl. (I tried with FF 351)
I still have another question, how can I read the reference counter of a
SSL_SESSION object? If I can read it, I could know if another task is
using the SESSION. It could prevent me from deleting the pointer to the
SESSION.
Regards,
Alexis
Alexis Lefort a écrit :
Hello all,
I am doing, i
Hello all,
I am doing, in C language, a SSL client with openSSL 0.9.7g
I have multiple clients (about 10) using the same SSL_CTX and connecting
to 2 different servers. (5 clients on each for example).
I wonder how SSL_get_session, SSL_set_session ans SSL_SESSION_free have
to be used there.
X_sess_set_remove_cb( ctx, RemoveSessionCallBack );
SSL_CTX_sess_set_get_cb( ctx, GetSessionCallBack );
If I don't set these I thought it would uses the default openssl
callbacks for session caching no?
I think you need to set at least one session ID context.
Have a look at functions SSL_CT
SSL_CTX_sess_set_new_cb( ctx, NewSessionCallBack );
> SSL_CTX_sess_set_remove_cb( ctx, RemoveSessionCallBack );
> SSL_CTX_sess_set_get_cb( ctx, GetSessionCallBack );
>
> If I don't set these I thought it would uses the default openssl
> callbacks for session caching no?
I think you n
lBack );
SSL_CTX_sess_set_remove_cb( ctx, RemoveSessionCallBack );
SSL_CTX_sess_set_get_cb( ctx, GetSessionCallBack );
If I don't set these I thought it would uses the default openssl
callbacks for session caching no?
__
OpenS
Hello,
I'm stress-testing a server. My client creates multiple, concurrent,
asynchron socket connections (single thread).
All connections use the same CTX. After successfull ssl handshake
I get the reference of a session by SSL_get1_Session(), connections
try to reuse that session thru SSL_set_ses
Hi,
I'm having a hard time getting server-side session caching to work. The
context is that I'm developing both server (multithreaded) & client (single
threaded) using TLSv1 (OpenSSL 0.9.7a). Server has
SSL_CTX_set_session_id_context() and both client
[EMAIL PROTECTED] wrote:
I am trying to solve a problem for which the "SSL On-Disk Session Caching"
seems to be an appropriate solution. I need confirmation and pointers to
HOW-TO on this subject.
I have a CLI application that connects over SSL to a gSOAP server. I'm
currently expe
On Thu, Apr 08, 2004, [EMAIL PROTECTED] wrote:
> I am trying to solve a problem for which the "SSL On-Disk Session Caching"
> seems to be an appropriate solution. I need confirmation and pointers to
> HOW-TO on this subject.
>
> I have a CLI application that connects o
I am trying to solve a problem for which the "SSL On-Disk Session Caching"
seems to be an appropriate solution. I need confirmation and pointers to
HOW-TO on this subject.
I have a CLI application that connects over SSL to a gSOAP server. I'm
currently experiencing around 7
Geoff Thorpe wrote:
> The hash-database means the only way to
remove expired sessions is to iterate across the entire database!
Or you maintain an auxillary database that maps the expiry time to a
list of session IDs. This could be a btree (perhaps with a bucket of
session IDs, to avoid dulic
On Thursday 31 Oct 2002 8:56 pm, Bear Giles wrote:
> Edward Chan wrote:
> > The default behavior of server-side session caching is
> > to cache session in memory. This is probably not
> > gonna work very well if there are a lot of connections
> > to the server
&g
Edward Chan wrote:
The default behavior of server-side session caching is
to cache session in memory. This is probably not
gonna work very well if there are a lot of connections
to the server
It says to "open file named according to session id".
However, session_id contains non-a
Hi there,
In the book, "Network Security with OpenSSL", it says
to call SSL_CTX_set_session_id_context() to enable
server-side session caching. I have not called this,
but in my client, when I call SSL_get1_session(), I
always get an SSL* back, and the field
session_id_length is alway
On Wed, Aug 15, 2001 at 12:02:54AM -, ganesh kumar godavari wrote:
> i am writting a minimal concurrent ssl server, i am
> planning to use external session caching for this.
> i am using the the following hooks.
>
> SSL_CTX_sess_set_remove_cb(ctx, cb)
> void call_back(S
hai,
i am writting a minimal concurrent ssl server, i am
planning to use external session caching for this.
i am using the the following hooks.
SSL_CTX_sess_set_remove_cb(ctx, cb)
void call_back(SSL_CTX,SSL_SESSION)
i am calling the callback functions before opening the
connection. i am
s exists only to improve performance when
> communicating with bad server implementations. defqult: false"
If I di not turn this flag on, my SSL Sessions are not cached.
Noz I assumed (most probably incorrectly) that there is session caching
built into OpenSSL. I notcied that the
On Wed, Jan 31, 2001 at 05:20:50PM +0100, Gil Peeters wrote:
> Noz I assumed (most probably incorrectly) that there is session caching
> built into OpenSSL. I notcied that the are SSL_CTX_set_cache_mode() and
> SSL_CTX_set_cache_size() etc, funtions, as well as the ability to do
>
Hi there,
On Mon, 22 Jan 2001, Shridhar Bhat wrote:
> Hi,
>
> We are trying to deploy multiple SSL-based servers
> in a cluster. We want to share the session cache of each
> of these servers so that connections from same client
> (with session id reuse) can be handled by any server in
> the sam
an idea.
Be aware, that there is one "write" operation for each new session, write
operations typically are more expensive.
The interface to handle sessions in the way you want to do it is prepared.
Database oriented session caching is included in mod_ssl, Apache+SSL,
Postfix/TLS...
Best rega
Shridhar Bhat wrote:
>
> Hi,
>
> We are trying to deploy multiple SSL-based servers
> in a cluster. We want to share the session cache of each
> of these servers so that connections from same client
> (with session id reuse) can be handled by any server in
> the same cluster. The scheme is simpl
Hi,
We are trying to deploy multiple SSL-based servers
in a cluster. We want to share the session cache of each
of these servers so that connections from same client
(with session id reuse) can be handled by any server in
the same cluster. The scheme is simple:
Each server maintains its local ca
Here I go responding to my own post again. Now I know why there were no
answers. Seems I missed it the last time it was posted. I think I have
it now. Thanks all.
L
Louis LeBlanc wrote:
>
> Ok, I have a general idea of how to manage my own client side caching.
>
> My client already maintain
Ok, I have a general idea of how to manage my own client side caching.
My client already maintains a record for each server it connects to, and
can store either a copy of the session, or a pointer to that session
back in the SSL_CTX session cache. Which is better? I am trying to
preserve the ca
Louis LeBlanc wrote:
>
> Ok, here's what I have so far:
>
> I turned on cacheing during the OpenSSL initialization in my app, then
> created a mechanizm to purge expired sessions every half hour. The
> entire cache is also purged, and stats are logged just before the logs
> are rolled for backu
Louis LeBlanc wrote:
>
> Hey all. I kind of feel like I'm beating a dead horse here, and that
> this question may have been answered already, but here goes.
>
> I have a client app that needs to connect to any number of servers and
> cache sessions. This app will be expected to create up to 10
Hey all. I kind of feel like I'm beating a dead horse here, and that
this question may have been answered already, but here goes.
I have a client app that needs to connect to any number of servers and
cache sessions. This app will be expected to create up to 100
connections per second, with pos
ssion id is found, but *not* used;
> a new session id is created and stored in cache.
>
> This behavior is exhibited when the client is MSIE, Netscape
> or s_client.
>
> I'm maintaining my own cache in memory and using callbacks
> to manage it. Here's the p
On Mon, Nov 06, 2000 at 02:39:15PM -0800, Brian Koref wrote:
> Was wondering if anyone had documentation on how to configure session
> caching and /or SSL Batching. I've seen reference to a session.doc, but
> have been unable to find it. Thanks
There is some documentation in the
Was wondering if anyone had documentation on how to configure session
caching and /or SSL Batching. I've seen reference to a session.doc, but
have been unable to find it. Thanks
begin:vcard
n:Koref;Brian
tel;work:(408) 341-3246
x-mozilla-html:FALSE
adr:;;
version:2.1
email;int
and stored in cache.
This behavior is exhibited when the client is
MSIE, Netscape
or s_client.
I'm maintaining my own cache in memory and using
callbacks
to manage it. Here's the portion that sets up session caching:
if (srvPtr->cachesize != 0) {
SSL_CTX_set_session_id_context
g with the "client hello".
I tried enabling session caching using:
SSL_CTX_set_sess_cache_mode(sslctx,
SSL_SESS_CACHE_SERVER);
I use SSL_accept() and SSL_new() API in the program.
Funtion, "lh_stats(...)" gives proper info about the
session list, number of nodes allocated, used, et
Louis LeBlanc wrote:
> Just in case anyone is interested, I have come across a problem with
> the SSL session caching. Under heavy load, my app would dump core,
> sometimes the core exceeded 300MB (though a good part of this was
> memory allocated for application functionality).
sockets, but I have seen no verification of this. Can anyone
give me a definitive description of the cause so I can either document
it as a network issue or fix my code?
Just in case anyone is interested, I have come across a problem with the
SSL session caching. Under heavy load, my app would
On Thu, Sep 28, 2000 at 09:27:23AM -0400, Ari Pirinen wrote:
> However, would someone please explain to me the function of
> SSL_CTX_set_session_id_context function call??? I hate to
> use functions which I have no idea what they do. I've searched all over the
> documents, the sources etc. but jus
Hello.
Apparently server side caching is not optional. At least IE5 fails with my
server when validating the client if caching is not enabled.
However, would someone please explain to me the function of
SSL_CTX_set_session_id_context function call??? I hate to
use functions which I have no idea
Hi,
I would like to cache a session in memory for later use in my
client.
At present I'm using i2d_SSL_SESSION(ssl->session,
&pp);
My question is how do I find out how much memory to allocate
to pp to receive the SSL_SESSION
data.
Regards
Martin.
On Tue, Sep 28, 1999 at 08:43:37AM +0200, Heiko Nardmann wrote:
> Since I have a slow authentication I would like to use session caching
> but I am not clear of what to do for it.
>
> Do I have to provide code for every session caching callback (I read
> ssleay.txt)
> or is th
Since I have a slow authentication I would like to use session caching
but I am not clear of what to do for it.
Do I have to provide code for every session caching callback (I read
ssleay.txt)
or is this there a setting which enables some default caching which I
have missed?
If there is no
On Tue, Jun 22, 1999 at 06:23:09PM +0200, Oliver Floericke wrote:
> I'm would like to convince OpenSSL to cache the session ID's but how can I
> achive this?
>
> I have a Client that sends him his SessionId which OpenSSL should already
> have, but the answer from OpenSSL is that it do not want t
Hi!
I'm would like to convince OpenSSL to cache the session ID's but how can I
achive this?
I have a Client that sends him his SessionId which OpenSSL should already
have, but the answer from OpenSSL is that it do not want to resume an old
session. At last this is what the debug from my client (
52 matches
Mail list logo
