Re: OpenSSL - Session Resumption on an On-going Connection

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



>   I thought you wanted renegotiation, not resumption, servers can't
>   do "resumption", because resumption is what you do to avoid a full
>   handshake on a *new* connection, and only the client can reconnect.

Ok. Agreed.

>   You seem to be confused, and have not explained your requirements
>   clearly.  What is your *goal*?

My goal is to have the Openssl to "perform the TLS Resumption (initiated by the Hello Request message from the server or
the Client Hello message from the client), in an ongoing TLS Session." (it's specifically stated on the spec, like this).

>   What does "always on" mean to you?  

Always on, means that the socket connection is up for as long as it is possible, meaning that the socket is not closed and it keeps exchanging information all the time (server<->client)

>   Only clients can resume previous
>   sessions, when reconnecting to a server.  Is that what you're trying
>   to do? (Implement a server with a session cache for client resumption?

I'm developing the server side with OpenSSL 1.0.2. And it supports cache (I've activated it on the method SSL_CTX_set_session_cache_mode).   

>   Support session tickets? Is there just one server or a server "farm"?
>   Do the clients support resumption?)

There's only 1 server, not a farm.

How can I tell if the client supports resumption?


>   Or are you trying to periodically rekey a long-running connection?

Maybe this is it. 

For me, Renegotiation is request "everything" (new pubkey, certificates, etc)
Resumption, is just to refresh the keys? I'm a little confused here.

>   
>   Or something else?  

I think this is it :)


On Wed, 21 Nov 2018 at 23:12, Viktor Dukhovni <openssl-users@xxxxxxxxxxxx> wrote:
On Wed, Nov 21, 2018 at 05:45:19PM +0000, Filipe Fernandes wrote:

> I've followed your example, and it looks like the server is doing what it's
> supposed to, however, I'm getting a disconnect from the server when the
> session expires. Which should not happen, and I can't seem to find a reason
> for this to be happening.
>
> As previously said, I'm developing a server that handles always-on TLS
> connections, and I'm trying to perform a session resumption.

I thought you wanted renegotiation, not resumption, servers can't
do "resumption", because resumption is what you do to avoid a full
handshake on a *new* connection, and only the client can reconnect.

You seem to be confused, and have not explained your requirements
clearly.  What is your *goal*?

What does "always on" mean to you?  Only clients can resume previous
sessions, when reconnecting to a server.  Is that what you're trying
to do? (Implement a server with a session cache for client resumption?
Support session tickets? Is there just one server or a server "farm"?
Do the clients support resumption?)

Or are you trying to periodically rekey a long-running connection?

Or something else?

--
        Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux