At 05:12 AM 8/30/2002, you wrote:
> SSL requires a 7-step handshake between the two systems in order to
> establish an SSL connection before any data can be passed. This handshake
> also requires multiple cryptographic operations including generation of a
> fairly small random number, as well as disk accesses of the digital
> certificate files for authentication. SSL session establishment takes a
> bit of time. To compensate for this, most SSL implementations will cache
> connections between two systems so that what appears to the application
> writer as a second session, runs over an existing SSL connection. Even
> so, there is some overhead in the encryption once the session has been
> established.
I have an application where two AOLserver instances on two different nodes are going to have lots and lots of communication between themselves -- I would prefer to keep the connections transient, but want to know what the alternatives are. It's interesting to know that nsopenssl/nsssl may already be doing some of this. Can you tell me more about how this connection caching is done in AOLserver? Is it handled entirely within nsopenssl/nsssl? Is it actually keeping the TCP/IP connection open, or just caching some of the SSL/crypto data? If the latter, how does it determine a new request is actually part of an old SSL session?

Thanks,
Jerry
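The general mechanism behind the "caching" described in the quoted message is TLS session resumption: the client keeps the negotiated crypto state (or a server-issued session ticket) keyed by the server it talked to, opens a brand-new TCP connection for the next request, and presents that state in its ClientHello so the server can skip the certificate and key-exchange work. The example below is added here to illustrate that point; it is not from this thread and is not AOLserver or nsopenssl/nsssl code. It uses Go's standard crypto/tls with an in-memory net.Pipe standing in for the TCP connection, a throwaway certificate generated at start-up, and a hypothetical host name example.test that serves as the session-cache key. It pins TLS 1.2 so the ticket is delivered inside the handshake, which keeps the unbuffered pipe from stalling.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// hostName is a hypothetical server name; it keys the client's session
// cache and matches the throwaway certificate generated below.
const hostName = "example.test"

// selfSignedCert builds an in-memory certificate plus a trust pool holding
// it, so the example needs no certificate files on disk.
func selfSignedCert(host string) (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool, nil
}

// handshakeOnce opens a fresh in-memory "TCP" connection, runs the TLS
// handshake on it, and reports whether the client resumed a cached session
// (abbreviated handshake) instead of doing the full key exchange.
func handshakeOnce(srvCfg, cliCfg *tls.Config) (bool, error) {
	srvRaw, cliRaw := net.Pipe()
	defer srvRaw.Close()
	defer cliRaw.Close()
	srv := tls.Server(srvRaw, srvCfg)
	cli := tls.Client(cliRaw, cliCfg)
	srvErr := make(chan error, 1)
	go func() { srvErr <- srv.Handshake() }()
	if err := cli.Handshake(); err != nil {
		return false, err
	}
	if err := <-srvErr; err != nil {
		return false, err
	}
	return cli.ConnectionState().DidResume, nil
}

// resumptionSequence makes n consecutive connections to the same server
// config and returns, per connection, whether its handshake was a
// resumption. With a client cache only the first handshake is full;
// without one every connection pays the full handshake.
func resumptionSequence(n int, cacheSessions bool) ([]bool, error) {
	cert, pool, err := selfSignedCert(hostName)
	if err != nil {
		return nil, err
	}
	srvCfg := &tls.Config{
		Certificates: []tls.Certificate{cert},
		MinVersion:   tls.VersionTLS12,
		MaxVersion:   tls.VersionTLS12,
	}
	cliCfg := &tls.Config{
		RootCAs:    pool,
		ServerName: hostName,
		MinVersion: tls.VersionTLS12,
		MaxVersion: tls.VersionTLS12,
	}
	if cacheSessions {
		// Bounded LRU cache of session state, keyed by ServerName.
		cliCfg.ClientSessionCache = tls.NewLRUClientSessionCache(8)
	}
	out := make([]bool, 0, n)
	for i := 0; i < n; i++ {
		resumed, err := handshakeOnce(srvCfg, cliCfg)
		if err != nil {
			return nil, err
		}
		out = append(out, resumed)
	}
	return out, nil
}

func main() {
	for _, cache := range []bool{true, false} {
		seq, err := resumptionSequence(3, cache)
		if err != nil {
			fmt.Println("error:", err)
			return
		}
		fmt.Printf("client session cache=%v  resumed per connection: %v\n", cache, seq)
	}
}
```

Each call to handshakeOnce is a new transport connection, so the transient-connection model is preserved; only the crypto state is reused, and it is the ServerName (or, absent one, the peer address) that ties a new connection back to an old session. Because the cache entry holds key material, keep it bounded, as the LRU cache here is, and let the library discard entries whose certificate or ticket has aged out rather than disabling expiry for convenience.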
