Hello,

There is an option available:
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
The description laconically states:
"When performing renegotiation as a server, always start a new session
(i.e., session resumption requests are only accepted in the initial
handshake). This option is not needed for clients."

But I can't find any information WHY and WHEN I should (or should not) use
this option.
Could anyone explain what the purpose of this option is?

I.e., what is the drawback of allowing session resumption during renegotiation?
Is it for compatibility with buggy clients?
Or is it some security countermeasure?

Any comments would be really appreciated.

Best wishes,
Andrey
