> On Dec 29, 2018, at 8:19 AM, C.Wehrmeyer <c.wehrmeyer@xxxxxx> wrote:
>
> OK, so I've been reading the mails before going to sleep and spent some time thinking and researching about this, and I've come to a conclusion: OpenSSL is a goddamn mess, SSL_clear() is pretty much superfluous, and as such shouldn't exist.
>
> Why? Well, to quote Viktor here:
>
> > DO NOT reuse the same SSL handle for multiple connections

I said it, neither because it can't be done, nor because it is incompatible with session caching, or has anything to do with ephemeral key agreement (which works just fine even with session resumption), but simply because it is easier for a beginner to get the code working without SSL handle re-use. Once you have everything else working, and have become more adept with use of the library, you can add connection handle re-use and measure the performance impact. If it makes a significant difference, then invest in maintaining slightly more complex code to get the advantage.

That's all I can offer in light of the bellicose rant, ... :-( Good luck.

--
Viktor.