RE: [users@httpd] HTTPS: what is the relation of ssl-handshake and keepalive?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I do not believe that is the case - actually from doing this myself, I am pretty sure it is not.

Turning off keepalive forces the TCP connection to be shut down by the server after each request so that the client will need to re-establish a TCP connection to submit the next request. The keepalive timeout usualy is only 30 seconds anyway, so you really only take advantage of the keepalive when downloading a page with lots of embedded objects.

The SSL session however is only re-negotiated something like every two minutes provided the client and the server both have an SSL session cache. It is maintained across TCP connections to the same site. I do not know that you can actually tune the SSL session cache in browsers, but in Apache you definitely can.

In conclusion, turning off keepalive does not disable the re-use of SSL sessions or force SSL handshake at the next TCP connections.

-ascs

-----Original Message-----
From: Qingshan Xie [mailto:xieq_49@xxxxxxxxx] 
Sent: Wednesday, November 09, 2005 5:59 AM
To: users@xxxxxxxxxxxxxxxx
Subject: [users@httpd] HTTPS: what is the relation of ssl-handshake and keepalive?

All, 

   I am not clear the relation between KeepAlive and SSL-HandShake.  I think if KeepAlive is turned off, the SSL-HandShake will be processed in every request. 
However, if KeepAlive is turned on, the following requests after the 1st SSL-HandShake during the period of KeepAlive won't need SSL-HandShake.  Can some confirm if the above statement is right?

Many Thanks, Q.Xie


		
__________________________________
Yahoo! FareChase: Search multiple travel sites in one click.
http://farechase.yahoo.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux