Do SSL session IDs change whenever an SSL renegotiation happens? Expermenting using the openssl s_client with "R" command seems to indicate it's true, but can it be confirmed, that SSL session IDs have to change during each renegotiation by the spec? Or is it implementation dependent? Is it at least true for OpenSSL being the server side?
Thanks for sharing any insight. Regards, Rainer ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
