On Fri, Feb 28, 2014 at 10:13:02AM +0100, Jin Jiang wrote:

> Does OpenSSL support the session reused automatically and periodically?

On servers, by default there is an in-memory session cache, and
there are optional callbacks for an out-of-process session cache.

You can control the size of the in-memory cache and/or use the
callbacks to read/write session objects (keyed by session-id)
from/to a shared external cache.

For clients, you load the session yourself before calling SSL_connect()
when you think you're connecting to the same server.

> Is there same configuration for session resumption?

The server session lifetime settings control the maximum time for
which a session is considered valid.  Clients that present older
sessions (including session tickets) end up negotiating new sessions
anyway.

> And usually it is the client side that initiates the session resumption
> request by inserting the old session ID in the ClientHello msg. Is there any
> way to let the server initiate the resumption request?

No.  Server may (perhaps should) make session resumption more likely
by using session tickets, provided with load-balancers or multiple
processes on the same machine, you've arranged for all the servers
on the same address/port to be using the same session encryption
keys (or more precisely the same key for each key name).

In Postfix, the current and previous (name, key) pairs are held in
memory by the tlsmgr(8) daemon.  Each smtpd(8) server process also
caches these in memory, but asks tlsmgr(8) on a cache miss.

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
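
The shared (name, key) arrangement and the lifetime rule described in the message above, as an added Python model that is not code from OpenSSL or Postfix. The class names, the ticket layout (16-byte key name, 8-byte issue time, state, HMAC-SHA256 tag) and the key expiry of twice the session lifetime are assumptions of this model; real session tickets also encrypt the state, which is omitted here.

```python
import hashlib
import hmac
import os
import struct

TAG = 32  # HMAC-SHA256 tag length (assumed ticket layout, see lead-in)

class KeyManager:
    """Stand-in for the key-holding daemon: current and previous (name, key)."""
    def __init__(self, lifetime, now):
        self.lifetime, self.current, self.previous = lifetime, None, None
        self.rotate(now)

    def rotate(self, now):
        # New tickets use `current`; `previous` is kept for verification only.
        self.previous = self.current
        self.current = (os.urandom(16), os.urandom(32), now + 2 * self.lifetime)

    def lookup(self, name=None):
        if name is None:
            return self.current
        return next((k for k in (self.current, self.previous) if k and k[0] == name), None)

class Worker:
    """Stand-in for one server process: local key cache, manager on a miss."""
    def __init__(self, manager):
        self.manager, self.cache = manager, {}

    def _mac(self, key, body):
        return hmac.new(key, body, hashlib.sha256).digest()

    def issue(self, state, now):
        name, key, _ = self.manager.lookup()
        body = name + struct.pack(">Q", now) + state
        return body + self._mac(key, body)

    def resume(self, ticket, now):
        """Return the session state, or None (caller does a full handshake)."""
        if len(ticket) < 16 + 8 + TAG:
            return None
        body, tag = ticket[:-TAG], ticket[-TAG:]
        entry = self.cache.get(body[:16]) or self.manager.lookup(body[:16])
        if entry is None or now >= entry[2]:      # unknown or expired key name
            self.cache.pop(body[:16], None)
            return None
        self.cache[body[:16]] = entry
        if not hmac.compare_digest(tag, self._mac(entry[1], body)):
            return None
        issued = struct.unpack(">Q", body[16:24])[0]
        return body[24:] if 0 <= now - issued <= self.manager.lifetime else None
```

A ticket issued by one worker resumes on any other worker that shares the manager, and a ticket that is too old or whose key name has been rotated out yields None, so the client gets a new session.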