Ben Laurie schrieb:
>
> Holger Reif wrote:
> > Sean Walker schrieb:
> > > We are writing both client and server applications
> > > and so have complete control over the design. What would be a good means
> > > of generating a "session based" key?
> >
> > Perhaps you should ask for a better definition of "session based" first.
> >
> > > I believe that I would have to
> > > disable key caching on the server, correct?
> >
> > You have to disable *session* caching on the server. Thus for every new
> > connect a full SSL handshake is excercised and new key material for this
> > connection is generated.
>
> Unless they meant (as I suspect they did) that you should _enable_
> session caching!
This indeed depends on what they really mean. As I said:
Ask what this "session based" key is.
--
Holger Reif Tel.: +49 361 74707-0
SmartRing GmbH Fax.: +49 361 7470720
Europaplatz 5 [EMAIL PROTECTED]
D-99091 Erfurt WWW.SmartRing.de
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
