Of Ralf S. Engelschall wrote:
> Hmmm... I've no great opinion on this issue. I can see reasonable arguments
> for both keeping the DBM file and truncating it. At least I've no objection
> on using O_TRUNC or doing an unlink before ssl_dbm_open in
> ssl_scache_dbm_init. What is the opinion of others?
Heck, I don't change the allowed ciphers really at al, so I'm not going to get
bitten. I do like to see the sessions preserved over restarts, because that's
the whole purpose of a cache.
What about applying the allowed cipher mask to sessions grabbed from the cache?
Or something like storing the cipher mask in the database and clearing the
cache only when it changes.
- David Harris
Principal Engineer, DRH Internet Services
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
