configure SSL session timeout
Dear All,

I know the SSL session timeout param can be configured by the directive SSLSessionCacheTimeout. Is there any setting or API for the browser or client application to configure the SSL session timeout param and override the server's one such that each application can configure their timeout period of the SSL connection according to their requirement?

Please advise and regards,
KT Chow
Re: configure SSL session timeout
> I know the SSL session timeout param can be configured by the directive SSLSessionCacheTimeout. Is there any setting or API for the browser or client application to configure the SSL session timeout param and override the server's one such that each application can configure their timeout period of the SSL connection according to their requirement?

Nope... not that I know of.

--Cliff

__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]
Re: configure SSL session timeout
On Thu, Oct 06, 2005 at 09:51:47AM -0400, Cliff Woolley wrote:
> > I know the SSL session timeout param can be configured by the directive SSLSessionCacheTimeout. Is there any setting or API for the browser or client application to configure the SSL session timeout param and override the server's one such that each application can configure their timeout period of the SSL connection according to their requirement?
>
> Nope... not that I know of.

Just to clear this up - both the client and the server choose whether they want to reuse sessions. SSLSessionCacheTimeout sets how long the server is willing to reuse a session, but a client may choose not to reuse the session after a shorter time. When a session expires on the server, a client may try to reuse the session, but the server won't allow that.

One example of a client using short session times is IE which would expire SSL2 sessions really fast, but allow TLSv1 with strong crypto to live much longer (that experience is a couple of years old, so they've probably changed the policy many times over since then).

vh

Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
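The client-side half of the behaviour described in the reply above, as an added example that is not part of the original thread: a client keeps its own session cache and stops offering a session after a lifetime it chooses, which can only be shorter than what the session and the server allow. The class name `ClientSessionCache`, the function `connect_once` and the chosen ages are assumptions made for illustration; the `ssl` calls are Python standard library.

```python
import socket
import ssl
import time


class ClientSessionCache:
    """One cached TLS session per host, with a client-chosen maximum age."""

    def __init__(self, max_age_seconds):
        self.max_age = max_age_seconds
        # A session can only be resumed through the context that created it.
        self.context = ssl.create_default_context()
        self._sessions = {}  # host -> ssl.SSLSession

    def store(self, host, session):
        if session is not None:
            self._sessions[host] = session

    def session_to_offer(self, host, now=None):
        """Return the cached session if this client still accepts it, else None."""
        session = self._sessions.get(host)
        if session is None:
            return None
        now = time.time() if now is None else now
        age = now - session.time  # session.time is the creation timestamp
        # The client can only shorten the lifetime: the session's own timeout
        # caps it, and the server may still refuse once its cache entry expires.
        if age >= min(self.max_age, session.timeout):
            del self._sessions[host]
            return None
        return session


def connect_once(cache, host, port=443):
    """Handshake with `host`; return True if the server resumed our session."""
    offered = cache.session_to_offer(host)
    with socket.create_connection((host, port), timeout=10) as raw:
        with cache.context.wrap_socket(raw, server_hostname=host,
                                       session=offered) as tls:
            reused = tls.session_reused
            # Python documents SSLSession as not compatible with TLS 1.3,
            # so this models TLS 1.2-style resumption.
            cache.store(host, tls.session)
            return reused
```

Calling `connect_once` twice against the same server within the client's maximum age should return `True` on the second call only if the server's own cache entry is still valid.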
Re: engine format keys
Ah, right. You'll also need to ensure that the initialisation order allows the engine to be properly initialised (including maybe some control commands to prepare anything the engine needs) *before* the key is loaded. I have a vague recollection that this isn't the case? Though I could be wide of the mark here.

I think init of the engine may be ok, but I'm not sure where my problem lies right now. Maybe in password input, or somewhere else...

Yep, passphrase entry is at least part of the problem with calling ENGINE_load_private_key. After a few different attempts, I'm a bit stumped. The load key call wants a UI* passed to it, which eventually has UI_process() called on it by the engine. I've tried various ways of stuffing the modssl_read_bio_cb_fn pointer and the server rec into this structure, with a custom flush function which'd get called by UI_process. I haven't been able to test this approach yet, since it appears that openssl's UI_STRING and UI_METHOD structs aren't declared in a way that works in ui.h. For instance, any mention of sizeof(UI_STRING) brings an incomplete type error.

Any help would be appreciated, I may not be using the ui interface correctly.

Thanks,
Kent

Ahh, I see. Thanks for the info. I guess the next step is to poke the apache2 guys for openssl 0.9.8 support. I did try compiling 2.1 beta with it without luck.

I'd suggest you contact Joe Orton - in fact he's probably on this list too. If the 2.1 beta (and/or cvs HEAD) don't properly handle 0.9.8, then there's a problem.

Yep, I was wrong about this.. I'm working on 2.1.8 right now which compiles fine. I'll post when I can narrow down the problem any more.

Thanks for the help,
Kent

--
Kent Yoder
IBM LTC Security Dev.