Hi Michael,
unfortunately, you're wrong. You need my patches to perform
renegotiations at all, since the current implementation is broken in
this respect. Technically, the abbreviated handshake is supported, but
OpenSSL does not provide any API to initiate it without reconnecting.
The functions for session handling can be used to save a session and
reassign it before connecting to perform an abbreviated handshake.
This has no effect on an established connections because your saving
and overwriting the session with the same data without any further
action. I already criticized this in a mail to the list but there were
no answers beside the explanation how to use the session functions
when reconnecting.
Regards,
Robin
Am 20.01.2009 um 18:38 schrieb Michael Tüxen:
Hi Giang,
I think Robin tested it, so yes it works... But you need the bugfixes
he sent to the list...
Robin: Am I right?
Best regards
Michael
On Jan 20, 2009, at 5:59 PM, Giang Nguyen wrote:
I think I will go for the hack that misuses re-negotiation as a
kind of
heartbeat, keep alive or echo request. I tried to avoid this hack at
first because it is a computational burden. AFAIK re-negotiation
means
restarting from scratch which means that expensive public key
operations
have to be performed.
to avoid expensive full handshakes, what about using sessions?
from what i read at http://tools.ietf.org/html/rfc4347#section-3,
"To the greatest extent possible, DTLS is identical to TLS."
and from what i read at http://tools.ietf.org/html/rfc5238 section
3.4: "multiple DTLS connections can be resumed from the same DTLS
session, each running over its own DCCP connection."
so my assumption here is that DTLS supports abbreviated handshakes
for session resumptions.
_________________________________________________________________
Windows Live™ Hotmail®: Chat. Store. Share. Do more with mail.
http://windowslive.com/explore?ocid=TXT_TAGLM_WL_t1_hm_justgotbetter_explore_012009______________________________________________________________________
OpenSSL Project http://
www.openssl.org
User Support Mailing List openssl-
us...@openssl.org
Automated List Manager
majord...@openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org