Nelson B. Bolyard wrote:
>Yannick Koehler wrote:
>
>>This make me suspect that our function that checks in which context a
>>packet come from is broken.
>>
>< Which side has the responsability to ask for a re-negotiation
>
>>of the session ID / Keys? Is it the client or the server or both? I
>>would expect the server to be in control of such negotiation right?
>>
>
>Either side can always cause a new Session ID to be used in any handshake.
>The client forces a new Session ID by doing any of the following:
>- sending an SSL v3 hello message in the v2 format.
>- sending an SSL v3 hello message with an empty, or zero, or unrecognized
> SSL v3 session ID number
>In any of these cases, the server is unable to reuse the session ID given
>by the client, and so makes up a new session.
>
>The server also has the freedom to choose to use a new session any time
>it wants. It can always do a "full handshake" instead of a shorter
>session "restart" handshake, and thereby start a new session.
>
>--
>Nelson Bolyard Sun / Netscape Alliance
>
>
And what are the reason for Mozilla to re-negotiate new session ID? Is
there a timeout and other factors?
To my understanding there's no reason to change the session ID unless
you want to have extra security by re-negotiating the keys often and if
such is the case I think that the current delay is way to short as it
re-negotiate the session ID for each new HTTP GET.
Is there a way to change that timeout/factor ? I've downloaded Mozilla
yesterday on my Linux box and PSM didn't seems to be part of the default
build process.
cvs get mozilla/client.mk
cd mozilla
make -f client.mk
Yannick Koehler
