[stunnel-users] permanent tunnel
Ramin Ali Dousti
ramin at cannon.eng.us.uu.net
Sun Oct 31 02:49:42 CEST 2004
Michal Trojnara wrote:
>On Saturday 30 of October 2004 01:16, Ramin Ali Dousti wrote:
>
>
>>You're right in that I don't have persistent TCP connection. I just
>>want to make sure that the SSL handshake
>>does not take place with every short-lived connection.
>>
>>
>
>You don't want to negotiate new keys for every connection, right?
>
>In SSL there's a mechanism for it called "session cache". In stunnel you can
>increase the timeout for session cache with "session" option (on both client
>and sever). Just set it to a very high value (a month? a year?). The default
>is 300 seconds (5 minutes).
>
>Best regards,
> Mike
>
>
OK. Can you please explain how that works, I mean, The encapsulated TCP
connection ends and let's say
some 2 minutes later the client initiates another TCP connection with
another client port number which goes
through the stunnel again. At this point the server expects to do the
SSL handshake again. From what you say,
I gather that there is this "session cache" option which instructs the
server to use its cache for the session key
and not go through the whole SSL handshake. First of all, how is this
cache maintained because it sounds like
defeating the purpose of using SSL (and its handshake) once you rely on
some kind of cache? Secondly, does
the client not have to know about this mechanism? What is the dialog
between the client and the server in
maintaining the session key across multiple sessions?
Thanks for the help.
Ramin
More information about the stunnel-users
mailing list