New submission from Jesús Cea Avión <j...@jcea.es>:

The current SSL module doesn't manage SSL sessions, so any connection must do the 
full SSL handshake.

SSL/TLS supports session restarting, when an old SSL context is used in a new 
connection, so you don't need to do the full SSL handshake.

This is a huge performance improvement.

I think the SSL module should keep a small pool of sessions in core, to reuse. 
Better yet:

a) In SSL sockets, a method should be added to get the SSL context.

b) When creating an SSL socket, in client mode, a new optional parameter should 
be accepted, for an SSL context.

c) When creating an SSL socket, in server mode, we have two options: a) provide 
a dictionary or similar, with different contexts for possible client 
connections or, better b) provide a callback the SSL module will call when 
getting an incoming connection, with a session ID as a parameter. The callback 
can provide a session SSL state or "None". This second approach allows for 
session management, like expiration or persistence to disk.

(the second option is equivalent to the first if the dict-like object includes 
this logic inside)

What do you think?

----------
components: Extension Modules
messages: 100777
nosy: jcea
severity: normal
status: open
title: SSL session management
type: feature request
versions: Python 2.7, Python 3.2

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue8106>
_______________________________________
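
A sketch of the server-side callback from option (c), as an added example that is not part of the original message or of Python's ssl module. `SessionStore`, `remember` and `lookup` are hypothetical names, the state strings are constructed stand-ins for opaque session data, and the size and lifetime limits are assumptions.

```python
import time
from collections import OrderedDict


class SessionStore:
    """Hypothetical dict-like store behind the callback proposed in (c)."""

    def __init__(self, max_sessions=1024, lifetime=300.0, clock=time.monotonic):
        self._sessions = OrderedDict()  # session_id -> (expires_at, state)
        self._max = max_sessions        # assumed bound on cached sessions
        self._lifetime = lifetime       # assumed session lifetime in seconds
        self._clock = clock

    def remember(self, session_id, state):
        """Save state after a full handshake; evict the oldest entry when full."""
        self._sessions.pop(session_id, None)
        self._sessions[session_id] = (self._clock() + self._lifetime, state)
        while len(self._sessions) > self._max:
            self._sessions.popitem(last=False)

    def lookup(self, session_id):
        """The callback: return saved state, or None to force a full handshake."""
        entry = self._sessions.get(session_id)
        if entry is None:
            return None
        expires_at, state = entry
        if self._clock() >= expires_at:
            del self._sessions[session_id]  # expired sessions are never resumed
            return None
        return state


def demo():
    """Walk through hit, eviction, expiry and unknown-ID cases (constructed data)."""
    now = [0.0]
    store = SessionStore(max_sessions=2, lifetime=10.0, clock=lambda: now[0])
    id_a, id_b, id_c = b"\x01" * 32, b"\x02" * 32, b"\x03" * 32
    store.remember(id_a, "state-A")
    store.remember(id_b, "state-B")
    results = [store.lookup(id_a)]         # known and fresh: resumable
    now[0] = 5.0
    store.remember(id_c, "state-C")        # store is full, so A is evicted
    results.append(store.lookup(id_a))     # evicted: full handshake
    now[0] = 11.0
    results.append(store.lookup(id_b))     # past its lifetime: full handshake
    results.append(store.lookup(id_c))     # saved at t=5, still fresh
    results.append(store.lookup(b"\xff" * 32))  # never seen: full handshake
    return results
```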