[stunnel-users] permanent tunnel

Michal Trojnara Michal.Trojnara at mirt.net
Sat Oct 30 09:28:27 CEST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Saturday 30 of October 2004 01:16, Ramin Ali Dousti wrote:
> You're right in that I don't have persistent TCP connection.  I just
> want to make sure that the SSL handshake
> does not take place with every short-lived connection.

You don't want to negotiate new keys for every connection, right?

In SSL there's a mechanism for it called "session cache".  In stunnel you can 
increase the timeout for session cache with "session" option (on both client 
and sever).  Just set it to a very high value (a month? a year?). The default 
is 300 seconds (5 minutes).

Best regards,
    Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBg0Kf/NU+nXTHMtERAl0mAKDODCg+9LwUVoBfx+i6ou7iYmjgcQCfYprS
Mv3KKdhQTUcs81yIw/KNT70=
=NWHN
-----END PGP SIGNATURE-----



More information about the stunnel-users mailing list