I originally came across this question while I was trying to set up SSL session resumption. I thought I would share the results of my investigation.

Bottom Line: SSL Session resumption should be possible using Perl but isn't!

Using the C OpenSSL library you would typically:

open the first SSL connection

save the session details using SSL_get_session before closing the connection

use SSL_set_session when initialising the next SSL connection

Crypt::SSLeay doesn't implement the SSL_get/set_session function so session resumption is not possible.

Net::SSLeay implements both functions. However Net::SSLeay doesn't implement SSL_shutdown and relies on the socket-level shutdown routine. This leads to a 'premature close' on the link. The standards forbid resuming a session which was closed prematurely (although I've heard some implementations allow it).

If you find a way please let me know.

---

The SSL_SESSION structure contains all that is required to resume the session. This includes the Session_ID, the Cipher spec, and the Master_key. Only the Session_ID is sent during session resumption. The Master_key is used to reset the symmetric encryption key for the session while the Cipher specifies which encryption method is to be used.