RE: SSLSessionCacheTimeout

2001-09-10 Thread lgazis
> From: Geoff Thorpe [mailto:[EMAIL PROTECTED]] > Sent: Saturday, September 08, 2001 11:30 AM > To: '[EMAIL PROTECTED]' > Subject: RE: SSLSessionCacheTimeout > Hi there, > On Fri, 7 Sep 2001, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote: >> Geof

RE: SSLSessionCacheTimeout

2001-09-08 Thread Geoff Thorpe
Hi there, On Fri, 7 Sep 2001, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote: > Geoff, > Thanks for the detailed explaination - it does make a lot of sense.. > As you've pointed out in case of SHMHT, if a server is lightly loaded, the > session id will be cached for a time greater than th

Re: SSLSessionCacheTimeout

2001-09-08 Thread Lutz Jaenicke
On Fri, Sep 07, 2001 at 06:26:18PM -0700, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote: > Thanks for that feedback.. When I meant "reset the timeout", I certainly > did not mean to do it for ever.. There has to be a limit - either the number > of times the reset is done or the time limit - or

RE: SSLSessionCacheTimeout

2001-09-07 Thread MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)
omes in at the nth moment) Anyway, your point is well taken. I guess it's a issue of security vs performance - and I'm sure security takes a upper hand. -Madhu -Original Message- From: Geoff Thorpe [mailto:[EMAIL PROTECTED]] Sent: Friday, September 07, 2001 1:04 PM

RE: SSLSessionCacheTimeout

2001-09-07 Thread MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)
_ssl gurus agree to have a bigger timeout, it's fine with me. 'else, I can try including the logic in Apache 2.0. Looking forward for your feedback.. Thanks -Madhu -Original Message- From: Lutz Jaenicke [mailto:[EMAIL PROTECTED]] Sent: Friday, September 07, 2001 11:45 AM

Re: SSLSessionCacheTimeout

2001-09-07 Thread Rich Salz
> The timeout on a session is also a concept subject to much > misunderstanding. I've always though TTL, TimeToLive, was a better name. /r$ -- Zolera Systems, Securing web services (XML, SOAP, Signatures, Encryption) http://www.zolera.com _

Re: SSLSessionCacheTimeout

2001-09-07 Thread Geoff Thorpe
Hi there, On Fri, 7 Sep 2001, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote: > If my understanding is correct, the current logic for > SSLSessionCacheTimeout (in mod_ssl) is to mark the time when the first > request was received, and then, irrespective of how long the connection has > bee

Re: SSLSessionCacheTimeout

2001-09-07 Thread MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)
_ssl gurus agree to have a bigger timeout, it's fine with me. 'else, I can try including the logic in Apache 2.0. Looking forward for your feedback.. Thanks -Madhu -Original Message- From: Lutz Jaenicke [mailto:[EMAIL PROTECTED]] Sent: Friday, September 07, 2001 11:45 AM

Re: SSLSessionCacheTimeout

2001-09-07 Thread Lutz Jaenicke
On Fri, Sep 07, 2001 at 09:52:42AM -0700, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote: > If my understanding is correct, the current logic for > SSLSessionCacheTimeout (in mod_ssl) is to mark the time when the first > request was received, and then, irrespective of how long the connectio