will be added to the discussion
below:
http://openssl.6102.n7.nabble.com/Why-Openssl-s-server-is-allowing-Session-Reuse-on-the-same-tcp-connection-tp44907p44948.html
To unsubscribe from Why Openssl s_server is allowing Session Reuse on
the same tcp connection, click
herehttp://openssl.6102.n7
-Original Message-
From: sajualways
But what Use Case does this have, where client tells the server to resume
the ssl session on the same tcp connection.
The use case is changing the keys for securing long-standing connections. Of
course this is in the server's responsibility, but
Thanks Patrick.
But what Use Case does this have, where client tells the server to resume
the ssl session on the same tcp connection.
Usually a different tcp connection makes sense to reuse the session id.
--
View this message in context:
Openssl s_server is allowing Session Reuse on the same tcp connection
When a second client hello is sent with session id of first handshake it
is reusing i.e it is doing a session resumption instead it should do
Renegotiation
--
View this message in context:
-Original Message-
From: sajualways
Openssl s_server is allowing Session Reuse on the same tcp connection
Yes, of course. Why not? The ssl protocol is taking place on a higher OSI level
than tcp, so it doesn't matter whether it's the same or a different tcp
connection.
When a