On Fri, Sep 11, 2009 at 12:51:15PM +1000, Andrew Sumner wrote:

> Victor, you've just described exactly what I've been trying to do. A clean
> shutdown on both sides, socket connection left open, then a "client HELLO"
> after which both sides initiate SSL again.
>
> I just can't seem to find a method of doing it that actually works.
Initially, does your client build an SSL connection over an already (TCP)
established connection passed to it as a file descriptor?

Initially, does your server accept an SSL connection over an already (TCP)
established connection passed to it as a file descriptor?

Do both parties call SSL_shutdown() at least once, and a second time if the
initial return value is zero?

Do you use an external session cache (store serialized SSL_SESSION objects)
in a store accessible to multiple processes via IPC or an appropriate shared
resource with robust locking? If so, the re-connect will be efficient, if
you pre-load the saved session into the client SSL state.

-- 
	Viktor.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org