Return-Path: 
 <dev-return-3581-apmail-mina-dev-archive=mina.apache.org@mina.apache.org>
Delivered-To: apmail-mina-dev-archive@www.apache.org
Received: (qmail 62898 invoked from network); 9 Dec 2006 19:42:16 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 9 Dec 2006 19:42:16 -0000
Received: (qmail 62381 invoked by uid 500); 9 Dec 2006 19:42:23 -0000
Delivered-To: apmail-mina-dev-archive@mina.apache.org
Received: (qmail 62360 invoked by uid 500); 9 Dec 2006 19:42:23 -0000
Mailing-List: contact dev-help@mina.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@mina.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@mina.apache.org>
List-Post: <mailto:dev@mina.apache.org>
List-Id: <dev.mina.apache.org>
Reply-To: dev@mina.apache.org
Delivered-To: mailing list dev@mina.apache.org
Delivered-To: moderator for dev@mina.apache.org
Received: (qmail 61242 invoked by uid 99); 9 Dec 2006 19:37:41 -0000
X-ASF-Spam-Status: No, hits=0.0 required=10.0
	tests=
X-Spam-Check-By: apache.org
Received-SPF: pass (herse.apache.org: local policy)
Mime-Version: 1.0 (Apple Message framework v752.2)
In-Reply-To: <BAY7-F16338F32C07F8EFDE8548D96D20@phx.gbl>
References: <BAY7-F16338F32C07F8EFDE8548D96D20@phx.gbl>
Content-Type: text/plain; charset=ISO-8859-1; delsp=yes; format=flowed
Message-Id: <ECFFCC9E-6743-49AE-8291-C03B8EC2A47D@mac.com>
Content-Transfer-Encoding: quoted-printable
From: Wolter Eldering <woltere@mac.com>
Subject: Re: SSLFilter and SSL session reuse
Date: Sat, 9 Dec 2006 20:36:57 +0100
To: dev@mina.apache.org
X-Mailer: Apple Mail (2.752.2)
X-Brightmail-Tracker: AAAAAA==
X-Brightmail-scanned: yes
X-Virus-Checked: Checked by ClamAV on apache.org

Hi James,

You are right, it has little use for a server.
But if you are using the SSLFilter in client mode, the SSLEngine must =20=

be able to select a session(id) to send in the SSL ClientHello =20
otherwise sessions will never be reused.
In serverMode a session will only be resumed if a client asks for it =20
by sending a sessionid in the ClientHello.

I'm using the SSLFilter in client mode in combination with client =20
authentication where the certificates are stored on a smartcard, for =20
every SSL session I create a sign operation is required on the =20
smartcard which is quite slow.


Op 9-dec-2006, om 16:27 heeft James Im het volgende geschreven:

> Wolter Eldering wrote:
>> Hi,
>> Does anybody if and how SSL sessions can be reused when using
>> SSLContext.createSSLEngine()?
>
> It was never really clear to me so instead on answering your question
> I'll add some more questions. What would happen if the hint was the =20=

> same
> for 2 different browsers sessions?
>
> Given 2 browsers in different computers behind a proxy or nat =20
> connect to
> my website, how can mina identify which session belongs to which =20
> browser?
> In these conditions, I guess that the IP and the hostname could be the
> same for both browsers...
>
> Must the hint for "createSSLEngine(String, int)" be unique for each =20=

> session?
>
> _________________________________________________________________
> Ta' p=E5 udsalg =E5ret rundt p=E5 MSN Shopping:  =
http://shopping.msn.dk  =20
> - her finder du altid de bedste priser