hello
I want to know that can I see the content of session-ID cash?(internal cash)
is it possible for an attacker that sniff the master-key from this cash?
how secure is this cash?
thank you very much
Victor Duchovni <[EMAIL PROTECTED]> wrote:
Victor Duchovni <[EMAIL PROTECTED]> wrote:
On Sun, Oct 30, 2005 at 10:57:00PM -0800, imana sakki wrote:
> hello
> where is the session-ID & master-key in the camputer? where is this cashe?
> can I see it? how secure is it? thank you
>
Relevant man pages:
SSL_CTX_sess_set_cache_size
SSL_CTX_sess_set_get_cb
SSL_CTX_sess_set_new_cb
SSL_CTX_set_session_cache_mode
SSL_CTX_set_session_id_context
SSL_CTX_set_timeout
d2i_SSL_SESSION
i2d_SSL_SESSION
The cache is in process memory by default, but callbacks allow you
to persist the cache in external storage.
A decent example of how an external cache is implemented can be
found in the Postfix 2.2.5 source code (the src/tls/tsl_client.c,
src/tls/tls_server.c and src/tls/tls_session.c files).
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Yahoo! FareChase - Search multiple travel sites in one click.
