We're using the standard internal session (maintained per SSL_CTX object); not
tickets.
We're seeing that the sessions are shared, a refcount is maintained, but that
SSL does modified fields within a session while it's being used. Most notably
an address sanitizer build found the EC point stuff being mangled.
It seems there are bugs in the OpenSSL stuff.
/r$
--
Principal Security Engineer
Akamai Technologies, Cambridge MA
IM: [email protected] Twitter: RichSalz
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
