On Jul 2, 2013, at 2:59 PM, Ryan Sleevi <ryan+cryptogra...@sleevi.com> wrote:
> On Tue, July 2, 2013 2:02 pm, Paul Hoffman wrote: >> On Jul 2, 2013, at 1:52 PM, Ben Laurie <b...@links.org> wrote: >> >>> Alternatively, we stay in this world, clients expire sessions hourly, >>> and we're all happy. >> >> Is this what most recent browsers do? They expire their TLS sessions after >> an hour? That would be nice. >> >> --Paul Hoffman > > Firefox and Chrome use a 24-hour period, as recommended - see > http://mxr.mozilla.org/nss/source/lib/ssl/sslnonce.c#21 > > CryptoAPI/SChannel defaults to 10 hours, but I don't know if IE is > tweaking that at all - see dwSessionLifespan for > http://msdn.microsoft.com/en-us/library/windows/desktop/aa379810(v=vs.85).aspx > > OS X/SecureTransport uses ten minutes as the default - see > SESSION_CACHE_TTL in > http://www.opensource.apple.com/source/Security/Security-55179.11/libsecurity_ssl/security_ssl/appleSession.c Is this what people are seeing when they test these clients against test servers? --Paul Hoffman _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography