cURL
Haxx ad
libcurl
Mailing Lists

curl's project page on SourceForge.net

Sponsors:
Haxx

cURL > Mailing List > Monthly Index > Single Mail

curl-users Mailing List Archives

RE: Question regarding using the ssl sessionid usage

From: Niranjan Ramakrishnan <willowbreaker_at_hotmail.com>
Date: Wed, 1 Apr 2009 12:21:48 -0700

From what I understood from Daniel's input in the question, the sessionid will be reused only for the next SSL handshake when the earlier connection has been closed. As far as I understand , the sessionid will be reused across multiple handshakes by default and that this feature can be disabled with the --no-sessionid flag.

Am I missing something here ?

Thanks

Date: Wed, 1 Apr 2009 13:04:28 -0500
Subject: Re: Question regarding using the ssl sessionid usage
From: pekowski_at_gmail.com
To: curl-users_at_cool.haxx.se

2009/4/1 Niranjan Ramakrishnan willowbreaker_at_hotmail.com

REQUEST

/usr/local/bin/curl --verbose -k --url https://www.google.com - In the ClientHello , I see sessionid length as 0 - As expected.

The ServerHello sends a sessionid

I resend the request

/usr/local/bin/curl --verbose -k --url https://www.google.com - In the ClientHello , I see sessionid length as 0 - I would expect it to reuse the sessionid that was sent previously.

Please let me know if I am doing something wrong.
 
SSL sessions are not saved across separate invocations of the curl command line. This is fairly standard practice. The SSL sessions are part of the Open SSL library whose cache only exists for as long as the process lives. If you want SSL sessions to be reused, then you should look into making each request come from the same process. This can be done by using libcurl. There are many language bindings for libcurl including Perl, my personal favorite. You would simply write a script that makes each HTTP request in sequence. You will find that the SSL session is reused on the subsequent requests. There are simple examples to be found of how to make an HTTP request using the Perl language bindings.

 
There is one question that comes to mind. Why do you care? The overhead in creating a brand new curl command line process is probably as long or longer than creating the SSL session, at least from the client side. It does add some overhead to the server, but again, are you sure there is a problem with this? Are you planning on a high rate of transactions? Or maybe the server caches the user identity based upon the SSL session, rare, but not unheard of.

 
Ray
_________________________________________________________________
Windows Live™: Keep your life in sync.
http://windowslive.com/explore?ocid=TXT_TAGLM_WL_allup_1a_explore_042009

-------------------------------------------------------------------
List admin: http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2009-04-01

These mail archives are generated by hypermail.

donate! Page updated November 12, 2010.
web site info

File upload with ASP.NET