Re: SSL session IDs and caching them...
Date: Tue, 13 Nov 2001 09:51:52 +0000
> OpenSSL has functions which can serialise the current SSL state to a
> buffer of your choice, and recover/reset the state from such a buffer at
> a later date - this is used by mod_ssl for apache to implement and SSL
> session ID cache which is either stores in a shared memory segment or in
> a DBM file on disk. Some variants of apache (such as, I believe,
> stronghold) even go as far as to put the session info into a MySQl
> database, so that a whole cluster of apaches can share a single SSL
> session ID cache.
> The mod_ssl/EAPI extensions to mod_proxy make mod_proxy use a cache when
> doing proxy-client ssl connections too.. (In fact, it uses the same
> cache as the regular server, as an ID collision is pretty unlikely :-) )
> I haven't looked at that bit of code in ages, but it seemed pretty
> straightforward. Curl should probably implement these as as callbacks in
> libcurl, which are called to store or fill 'some buffer' for a
> particular ID.
Could this please be added to your TODO list as this would be very
Received on 2001-11-13