[ 
https://issues.apache.org/jira/browse/PROTON-136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13528506#comment-13528506
 ] 

Affan Dar commented on PROTON-136:
----------------------------------

Is it straightforward to allow SSL resume to span process restarts? E.g., for 
resource constrained devices a process might be killed and then recreated when 
required. In this case if the app code is able to serialize the ssl resume 
state to some durable storage then it would be possible to resume an ssl 
connection from disk theoretically. If there is an API that can hand back a 
cookie for the app code to serialize and then later pass in then this should be 
do-able. Of course if openssl does not support a 'cold' resume like this (e.g. 
if it has other in-memory state) then this request is moot :)
                
> Add support for SSL session resumption
> --------------------------------------
>
>                 Key: PROTON-136
>                 URL: https://issues.apache.org/jira/browse/PROTON-136
>             Project: Qpid Proton
>          Issue Type: New Feature
>          Components: proton-c
>    Affects Versions: 0.3
>            Reporter: Affan Dar
>            Assignee: Ken Giusti
>              Labels: ssl, sslContext, sslresume
>         Attachments: PROTON-136-initial-Java-and-Python.tgz
>
>
> Open SSL supports resumption of SSL sessions which by-pass the heavy SSL 
> handshake process. This is critical for scenarios involving low powered 
> devices especially on cellular data networks where bandwidth is precious.
> It would be great if Proton exposes this ssl resume feature to users. .
> From: rhs [mailto:rschlom...@gmail.com] 
> Sent: Tuesday, November 13, 2012 11:34 AM
> To: Affan Dar
> Cc: David Ingham
> Subject: Re: SSL session resumption
> On Tue, Nov 13, 2012 at 8:05 PM, Affan Dar <affan...@microsoft.com> wrote:
> >>Serializing/restoring the whole session state for the messenger will work 
> >>for the scenario I think.
> Ok, let's start with this step then. I'm open to providing something finer 
> grained if there is a need, but my preference is to keep it simple for the 
> moment.
>    
> >>One more thing, RFC 5077 has another flavor of session resumption which 
> >>openssl supports (original >>implemented as RFC 4057 back in 2007 I think). 
> >>This allows us to resume sessions without carrying state >>on the server 
> >>side which as you can imagine is a big deal for service vendors. Probably 
> >>there is no API >>level impact if messenger handles the session state 
> >>itself but just wanted to put this on your radar.
> Ok, good to know.
> Could one of you file a JIRA for this upstream? I'm trying to get things a 
> little more organized on the process front and keep everything centralized in 
> JIRA. ;-)
> --Rafael

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to