Re: IO::Socket::SSL Server-side Session caching

Replies are listed 'Best First'.
Re^2: IO::Socket::SSL Server-side Session caching by dpetrov (Acolyte) on Jun 03, 2009 at 11:25 UTC
Okey, I am kind of lost right now: Let see the foolow examples. First we'll create SSL server using openssl like that: `openssl s_client -reconnect -state -prexit -connect localhost:1234 -cert testpkey.pem` then we make 5 repeatedly connections: `openssl s_client -reconnect -state -prexit -connect localhost:1234 -ce +rt testpkey.pem -no_ticket` [download] Then on all my 5 requests I've the same session-id and master-key: `Session-ID: 9C2B75807FE8AEB2E1C05B7B34D3F9F0B9394975D23AEA1BCC41F0 +BE1A1578CF Session-ID-ctx: Master-Key: 56182F7B8149E11642665147042CC499581786CA6565D5F3FB7C59 +E446E520BB50D3857CA3323E665C9F86A87D3CD45C` [download] If I use no_ticket option on the server, each my request have different Session-ID. What I understand, is that session caching could set the old session-id or create new one, each time new connection occurs. But... what I misunderstood is: How can I get the session ID from the $CLIENT socket? If I enable the session caching, do I renegotiate each time new connection arrives? If the session id is different every time, how can I understand that the caching is working? Wireshark? or debug? Thanks	[reply] [d/l] [select]
Re^3: IO::Socket::SSL Server-side Session caching by Anonymous Monk on Jun 06, 2009 at 05:43 UTC
How can I get the session ID from the $CLIENT socket? I think you would have to patch Net::SSLeay. If I enable the session caching, do I renegotiate each time new connection arrives? Yes, but its shorter negotiation. See SSL. If the session id is different every time, how can I understand that the caching is working? Wireshark? or debug? Not sure. A simple way would be to benchmark (with cache should be faster).	[reply]