On 02/16/2018 04:51 PM, Christopher Lane wrote:
On Thu, Feb 15, 2018 at 3:02 PM Aleksandar Lazic <[email protected] <mailto:[email protected]>> wrote:Hi. Am 15.02.2018 um 22:42 schrieb Christopher Lane: > Internally, my company uses pregenerated SSL sessions. Just for my curiosity what is a "pregenerated SSL session" ? What's the use case for this?SSL sessions, as negotiated between the client and server, can be serialized and saved to disk or database or whatever. Then when a new connection comes in, they can be de-serialized and the old session can be resumed, skipping the multiple round trip SSL handshake and the expensive RSA key operations.
At the expense of security, as man-in-the-middle things usually are... (just an observation, everyone's security policy is different)
