curl-library
Re: SSL session resume problem?
Date: Mon, 2 Jun 2003 11:24:43 +0200 (CEST)
On Fri, 30 May 2003, Cyrill Osterwalder wrote:
> The only reason why I keep my curl handle at this point is because I'd like
> to benefit from SSL session resumes. I'm testing the SSL handshakes and
> find that the SSL sessions are not resumed if I create new curl handles so
> reusing the handle looks like a must.
Correct. That is the only way libcurl supports session ID caching/re-use.
> However, reusing the curl handle does not seem to provide 100% SSL session
> resume support. According to the OpenSSL trace log of the web server,
> libcurl does not seem to update its SSL session
Can you provide us with a public URL and example code showing this happen?
> - if it is not a new handshake but an attempt to resume the SSL session
>
> - if the server does not resume the SSL session for any reason (SSL session
> dead, cache miss, etc)
libcurl re-uses the session ID if it has one in its cache for the same name,
and it has no existing TCP connection to the site (if it has it re-uses that
instead).
That's the theory at least.
> In this case, a new SSL session is created between client and server but it
> does not seem to be kept by the libcurl client. This happens now for each
> following request. I can provide the server SSL engine log files if
> anybody would be interested.
Well, it would be better if you could also debug libcurl to see if it
actually has the ID in the cache but doesn't re-use it, or if it actually
attempts to re-use it but it somehow fails.
> Any ideas on this? Is this an OpenSSL issue?
I don't know, I don't use this much myself and I don't think we have any test
cases for it.
-- Daniel Stenberg -- curl: been grokking URLs since 1998
Received on 2003-06-02