Michal Trojnara wrote:
On Saturday 30 of October 2004 01:16, Ramin Ali Dousti wrote:
You're right in that I don't have a persistent TCP connection. I just want to make sure that the SSL handshake does not take place with every short-lived connection.
You don't want to negotiate new keys for every connection, right?
In SSL there's a mechanism for it called "session cache". In stunnel you can increase the timeout for session cache with "session" option (on both client and server). Just set it to a very high value (a month? a year?). The default is 300 seconds (5 minutes).
Best regards, Mike
OK. Can you please explain how that works? I mean, the encapsulated TCP connection ends and, let's say, some 2 minutes later the client initiates another TCP connection, with another client port number, which goes through the stunnel again. At this point the server expects to do the SSL handshake again. From what you say, I gather that there is this "session cache" option which instructs the server to use its cache for the session key and not go through the whole SSL handshake. First of all, how is this cache maintained, because it sounds like defeating the purpose of using SSL (and its handshake) once you rely on some kind of cache? Secondly, does the client not have to know about this mechanism? What is the dialog between the client and the server in maintaining the session key across multiple sessions?
Thanks for the help.
Ramin
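As an added illustration of the client/server dialog Ramin asks about (this is example code, not from the thread or from stunnel): the Go program below uses Go's standard crypto/tls to stand up a local TLS server, opens two short-lived client connections that share one session cache, and checks that only the first connection pays for the full handshake. It assumes the loopback address, a self-signed certificate constructed in-process, and a one-byte read so the client processes the server's session ticket; Go negotiates TLS 1.3 tickets here, where the stunnel of 2004 cached SSL session IDs, but the principle is the same: the client offers its cached session, and the server either accepts it and skips the key exchange or falls back to a full handshake.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"math/big"
	"time"
)

// must keeps the demo short: any setup error aborts the run.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// ResumeTwice stands up a TLS server on the loopback, opens two short-lived client
// connections and reports, per connection, whether the handshake was resumed from
// the client's session cache (false = full handshake, true = abbreviated).
func ResumeTwice() (bool, bool) {
	// Throwaway self-signed "localhost" certificate, constructed for this demo.
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"localhost"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	pool := x509.NewCertPool() // the client trusts exactly this certificate
	pool.AddCert(must(x509.ParseCertificate(der)))
	srv := &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}
	ln := must(tls.Listen("tcp", "127.0.0.1:0", srv))
	defer ln.Close()
	go func() { // server: finish the handshake, send one byte of data, hang up
		for c, e := ln.Accept(); e == nil; c, e = ln.Accept() {
			c.Write([]byte{1})
			c.Close()
		}
	}()
	// The client-side cache plays the role of stunnel's client session cache.
	cli := &tls.Config{RootCAs: pool, ServerName: "localhost",
		ClientSessionCache: tls.NewLRUClientSessionCache(8)}
	connect := func() bool {
		c := must(tls.Dial("tcp", ln.Addr().String(), cli))
		defer c.Close()
		c.Read(make([]byte, 1)) // this read also consumes the server's NewSessionTicket
		return c.ConnectionState().DidResume
	}
	return connect(), connect() // Go evaluates these calls left to right
}
```

Wireshark on the loopback shows the difference directly: the second ClientHello carries the cached session and the server replies without a fresh key exchange.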