Hello,
> I was just trying to weigh the option of doing things with shared memory. I
> believe mod_ssl does this ... possibly they share ssl sessions through
> shared memory, but I don't have the details.
After looking at the mod_ssl source, it looks like SSL_SESSION objects
are being kept in shared memory.
But this is not a solution for you.
An SSL session is a mechanism to resume an already negotiated SSL session
between client and server. The client sends, in the ClientHello packet, an
already established (earlier) session ID, and if the server has the parameters
for this session (like master_secret, compression methods,
cipher suite, ...) and this session has not timed out, then the SSL handshake
may be finished with a 6-packet exchange instead of 9 (handshake
without client authentication), 10 (handshake with isolated
authentication from encryption) or 12 (handshake with client
authentication).
But an SSL_SESSION object does not have state information like the read sequence
number or write sequence number and cannot be used to create
a working copy of an SSL object on an already established channel.
In real usage this is used to fill in very important crypto parameters,
but sequence numbers start counting after receiving the ChangeCipher
protocol message in the read/write direction.
In this scenario, resuming an SSL session saves, for example, the CPU
used for the RSA private key operation.

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>
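
Added example, not part of the message above and not OpenSSL code: a Python
model of the record MAC showing why a cached session alone cannot take over
an already established channel. The key derivation, the record layout
(encryption omitted) and all names (SESSION, RecordState, demo) are
simplifying assumptions; only the implicit per-direction sequence number in
the MAC mirrors real SSL/TLS.

```python
import hashlib
import hmac
import struct

# Constructed stand-in for what a cached SSL_SESSION holds: negotiated
# parameters only, no per-connection record counters.
SESSION = {"session_id": b"\x01" * 32, "master_secret": b"\x2a" * 48,
           "cipher_suite": "RSA-with-HMAC-SHA256 (illustrative)"}


def mac_key(session, direction):
    # Assumption: simplified derivation; real SSL/TLS uses its PRF and randoms.
    return hmac.new(session["master_secret"], direction, hashlib.sha256).digest()


class RecordState:
    """One direction of a connection: MAC key plus implicit sequence number."""
    def __init__(self, session, direction, seq=0):
        self.key = mac_key(session, direction)
        self.seq = seq  # counts from 0 after ChangeCipherSpec

    def _mac(self, ctype, payload):
        # The sequence number is MACed but never sent on the wire.
        header = struct.pack("!QBH", self.seq, ctype, len(payload))
        return hmac.new(self.key, header + payload, hashlib.sha256).digest()

    def protect(self, payload, ctype=23):
        record = (ctype, payload, self._mac(ctype, payload))
        self.seq += 1
        return record

    def accept(self, record):
        ctype, payload, tag = record
        if not hmac.compare_digest(tag, self._mac(ctype, payload)):
            return False  # a real stack sends bad_record_mac and closes
        self.seq += 1
        return True


def demo():
    writer = RecordState(SESSION, b"client write")
    reader = RecordState(SESSION, b"client write")
    in_sync = all(reader.accept(writer.protect(b"msg %d" % i)) for i in range(3))
    fourth = writer.protect(b"msg 3")
    # Second process rebuilt from the shared session alone: counter is 0.
    from_session = RecordState(SESSION, b"client write").accept(fourth)
    # Same keys plus the live counter (state the session does not carry).
    with_counter = RecordState(SESSION, b"client write", seq=reader.seq).accept(fourth)
    return in_sync, from_session, with_counter
```

demo() returns (in_sync, from_session, with_counter): the state rebuilt from
the session alone rejects the fourth record, while the one that also received
the live counter accepts it.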

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]