Fastream Technologies wrote:
> I am still curious whtehr there is a way to increase the timeout for
> the connection handshake--possibly in registry. 

OpenSSL and the registry makes no sense to me?

> I won't implement
> session caching because it is not realistic to assume same clients
> accessing the server--you wrote that client and server both must
> support for session caching. 

That's correct and most browsers in use today support it. 
SSL session caching indeed may only speed up negotiation of the SSL 
connection. For example, very useful in FTP when a secure data 
connection is established or in HTTP with non persistent connections. 

> I want the worst case scenario. Let's
> think botnet of 1000 zombie IE activeX's attacking our SSL proxy!

I guess that those kind of DOS clients will never use SSL session caching.
May be some kind of shorttime blacklisting is more helpful in those cases?  

--
Arno Garrels [TeamICS]
http://www.overbyte.be/eng/overbyte/teamics.html

-- 
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be

Reply via email to