On Mon, Jul 17, 2017 at 09:54:39AM +0100, Matt Caswell wrote: > In the default case a server will just use the > internal session cache. You can populate that cache manually using > SSL_CTX_add_session(). So if you have a set of pre-existing SSL_SESSION > objects (perhaps loaded from a file) you can manually populate that > cache at application startup. When server side (non-ticket) caches are enabled in Postfix it uses a file-based key-value store. The lookup key is the session id sent by the client, and the value is the serialized session object. So it is also possible to load saved sessions on demand. In Postfix this is used to share sessions within a pool of cooperating processes, and the cache is deleted on restart, but that's a design choice that other applications could (with care) make differently. I would avoid using session objects across changes in the OpenSSL library version between the process that saved the session and the process that's reading it. -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
