mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Wolter Eldering <wolt...@mac.com>
Subject Re: SSLFilter and SSL session reuse
Date Sat, 09 Dec 2006 19:36:57 GMT
Hi James,

You are right, it has little use for a server.
But if you are using the SSLFilter in client mode, the SSLEngine must  
be able to select a session(id) to send in the SSL ClientHello  
otherwise sessions will never be reused.
In serverMode a session will only be resumed if a client asks for it  
by sending a sessionid in the ClientHello.

I'm using the SSLFilter in client mode in combination with client  
authentication where the certificates are stored on a smartcard, for  
every SSL session I create a sign operation is required on the  
smartcard which is quite slow.


Op 9-dec-2006, om 16:27 heeft James Im het volgende geschreven:

> Wolter Eldering wrote:
>> Hi,
>> Does anybody if and how SSL sessions can be reused when using
>> SSLContext.createSSLEngine()?
>
> It was never really clear to me so instead on answering your question
> I'll add some more questions. What would happen if the hint was the  
> same
> for 2 different browsers sessions?
>
> Given 2 browsers in different computers behind a proxy or nat  
> connect to
> my website, how can mina identify which session belongs to which  
> browser?
> In these conditions, I guess that the IP and the hostname could be the
> same for both browsers...
>
> Must the hint for "createSSLEngine(String, int)" be unique for each  
> session?
>
> _________________________________________________________________
> Ta' på udsalg året rundt på MSN Shopping:  http://shopping.msn.dk   
> - her finder du altid de bedste priser


Mime
View raw message