First, your question is really about a *connection* not a session. For many familiar protocols these are pretty much the same thing,
but for SSL they are not. In SSL the session can and often but not always does continue to exist after a connection is closed, and can be reused by subsequent connections, or parallel ones. To your question, it depends on what you are connected to and in particular what protocol(s) that supports or requires. As one everyday example, HTTP/1.0 only allows one request and response per connection; standardly you need a separate connection for each webpage and resource (img, css, etc.). Though for https=SSL those connections can reuse the session. And there were fairly common extensions before 1.1. HTTP/1.1 allows an unlimited number of requests and responses over one connection by default, but either client or server can limit it - to 1, some higher number, or time, or whatever. If you are connecting to your own application, you get to decide when you write that application what it supports. From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Jim Johnson Sent: Saturday, September 21, 2013 14:45 To: openssl-users@openssl.org Subject: Reusing client session question Is it ok to reuse the client session but just not closing it? I send a SSL_write then a SSL_read command, then I wait 30 seconds and send anther SSL_write and another SSL_Read request. Is this an appropriate way to reuse a connection?