> Is it possible to perform the shortened (session resumption)
> handshake without reconnecting the socket? TLS 1.2 RFC 5246 states:

Yes.

> [ClientHello]
> The session identifier MAY be from an earlier connection, this
> connection, or from another currently active connection. The second
> option is useful if the client only wishes to update the random
> structures and derived values of a connection, and the third option
> makes it possible to establish several independent secure connections
> without repeating the full handshake protocol.
>
> So it should be possible, but the only handshake-related functions I
> have found in OpenSSL are SSL_renegotiate and SSL_get_session/
> SSL_set_session. The first always performs a full handshake and the
> latter requires a new SSL object.

The new SSL object can become associated with the resumed session. An SSL
object is not a session, it's a handle to a session. An 'SSL' structure
contains a pointer to an SSL_SESSION. The SSL_SESSION is reference counted.
The "SSL_SESSION" object contains the information required to re-establish
the connection without a new handshake.

DS


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
