mina-dev mailing list archives

From "Trustin Lee" <trus...@gmail.com>
Subject Re: SSLFilter and SSL session reuse
Date Sun, 10 Dec 2006 03:08:47 GMT
Hi Wolter,

On 12/10/06, Wolter Eldering <woltere@mac.com> wrote:
>
> Hi James,
>
> You are right, it has little use for a server.
> But if you are using the SSLFilter in client mode, the SSLEngine must
> be able to select a session(id) to send in the SSL ClientHello
> otherwise sessions will never be reused.
> In serverMode a session will only be resumed if a client asks for it
> by sending a sessionid in the ClientHello.
>
> I'm using the SSLFilter in client mode in combination with client
> authentication where the certificates are stored on a smartcard, for
> every SSL session I create a sign operation is required on the
> smartcard which is quite slow.


Actually, I am not used to this kind of 'session reuse' situation.  Does
just specifying hostname and port number make the SSLContext reused?  Is the
SSLContext instance cached somewhere in an LRU cache?  If it is that simple,
can we just replace ctx.createSSLEngine() with ctx.createSSLEngine(hostname,
port)?  Wouldn't there be any possibility of a memory leak?

Probably several lines of patch might be worth much more than explaining the
whole stuff.  :D

Thanks for the feedback,
Trustin
-- 
what we call human nature is actually human habit
--
http://gleamynode.net/
--
PGP key fingerprints:
* E167 E6AF E73A CBCE EE41  4A29 544D DE48 FE95 4E7E
* B693 628E 6047 4F8F CFA4  455E 1C62 A7DC 0255 ECA6
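
Added example, not part of the original message and not MINA's code: a JSSE sketch of the two createSSLEngine() forms discussed in this thread, with the client session cache of the shared SSLContext bounded explicitly. The class name, peer host, port, cache size and timeout are hypothetical values chosen for illustration.

```java
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSessionContext;

public class ClientSessionReuseSketch {
    // Hypothetical peer; the pair serves only as a session-cache lookup hint.
    static final String PEER_HOST = "server.example";
    static final int PEER_PORT = 8443;

    // Client-mode engine carrying the advisory peer information.
    static SSLEngine newClientEngine(SSLContext ctx, String host, int port) {
        SSLEngine engine = ctx.createSSLEngine(host, port);
        engine.setUseClientMode(true);
        return engine;
    }

    // Sessions are cached per SSLContext, so bound that cache once, up front.
    static void boundClientCache(SSLContext ctx, int maxEntries, int timeoutSeconds) {
        SSLSessionContext cache = ctx.getClientSessionContext();
        if (cache != null) {                          // may be null on some providers
            cache.setSessionCacheSize(maxEntries);    // 0 would mean no limit
            cache.setSessionTimeout(timeoutSeconds);
        }
    }

    // Number of client sessions currently held by this context.
    static int cachedSessions(SSLContext ctx) {
        SSLSessionContext cache = ctx.getClientSessionContext();
        return cache == null ? 0 : Collections.list(cache.getIds()).size();
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null); // default key and trust managers
        boundClientCache(ctx, 64, 300);

        // Every engine must come from the same ctx to share cached sessions.
        SSLEngine noHint = ctx.createSSLEngine();
        noHint.setUseClientMode(true);
        SSLEngine hinted = newClientEngine(ctx, PEER_HOST, PEER_PORT);

        // Without the hint the engine has no peer to look a cached session up by.
        System.out.println("no hint: " + noHint.getPeerHost() + ":" + noHint.getPeerPort());
        System.out.println("hinted:  " + hinted.getPeerHost() + ":" + hinted.getPeerPort());
        // No handshake has run yet, so the cache is still empty here.
        System.out.println("cached client sessions: " + cachedSessions(ctx));
    }
}
```

Logging cachedSessions() after completed handshakes shows whether the cache stays within the configured bound.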
