On Fri, Feb 28, 2014 at 10:13:02AM +0100, Jin Jiang wrote:

> Does OpenSSL support the session reused automatically and periodically?

On servers, by default there is an in-memory session cache, and there are optional callbacks for an out-of-process session cache. You can control the size of the in-memory cache and/or use the callbacks to read/write session objects (keyed by session-id) from/to a shared external cache.

For clients, you load the session yourself before calling SSL_connect() when you think you're connecting to the same server.

> Is there same configuration for session resumption?

The server session lifetime settings control the maximum time for which a session is considered valid. Clients that present older sessions (including session tickets) end up negotiating new sessions anyway.

> And usually it is the client side to initiate the session resumption
> request via inserting old session ID in the ClientHello msg. Is there any
> way to let server to initiate the resumption request?

No. Server may (perhaps should) make session resumption more likely by using session tickets, provided with load-balancers or multiple processes on the same machine, you've arranged for all the servers on the same address/port to be using the same session encryption keys (or more precisely the same key for each key name).

In Postfix, the current and previous (name, key) pairs are held in memory by the tlsmgr(8) daemon. Each smtpd(8) server process also caches these in memory, but asks tlsmgr(8) on a cache miss.

--
Viktor.
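A simplified model of the ticket-key sharing described in the message above, added here as an illustration; it is not OpenSSL or Postfix code. The class names, the 3600-second lifetime and the ticket layout (key name, state, HMAC) are assumptions, and the state is only authenticated here, not encrypted as a real session ticket would be.

```python
import hashlib
import hmac
import os

NAME_LEN, MAC_LEN = 16, 32
LIFETIME = 3600  # assumed: a key issues tickets for LIFETIME s, is accepted for 2x


class KeyManager:
    """Hypothetical single owner of the (name, key) pairs, shared by all workers."""

    def __init__(self):
        self.keys = {}  # key name -> (key, created_at)

    def current(self, now):
        for name, (key, created) in self.keys.items():
            if now - created < LIFETIME:
                return name, key, created
        name, key = os.urandom(NAME_LEN), os.urandom(32)  # rotate: new key name
        live = {n: v for n, v in self.keys.items() if now - v[1] < 2 * LIFETIME}
        self.keys = {**live, name: (key, now)}  # new key plus ones still accepted
        return name, key, now

    def lookup(self, name, now):
        key, created = self.keys.get(name, (None, now))
        return (key, created) if key and now - created < 2 * LIFETIME else None


class Worker:
    """Hypothetical server process: caches keys by name, asks the manager on a miss."""

    def __init__(self, manager):
        self.manager, self.cache = manager, {}

    def issue(self, state, now):
        name, key, _ = self.manager.current(now)
        return name + state + hmac.new(key, name + state, hashlib.sha256).digest()

    def resume(self, ticket, now):
        if len(ticket) < NAME_LEN + MAC_LEN:
            return None
        name, state, mac = ticket[:NAME_LEN], ticket[NAME_LEN:-MAC_LEN], ticket[-MAC_LEN:]
        entry = self.cache.get(name) or self.manager.lookup(name, now)
        if entry is None or now - entry[1] >= 2 * LIFETIME:
            self.cache.pop(name, None)
            return None  # unknown or expired key name: caller does a full handshake
        self.cache[name] = entry
        good = hmac.new(entry[0], name + state, hashlib.sha256).digest()
        return state if hmac.compare_digest(mac, good) else None
```

A ticket issued by one worker resumes on another only when both resolve the key name to the same key; a worker backed by a different manager returns `None`, which corresponds to negotiating a new session.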