cURL / Mailing Lists / curl-library / Single Mail

curl-library

SSL session resume problem?

From: Cyrill Osterwalder <cyrill.osterwalder_at_seclutions.com>
Date: Fri, 30 May 2003 10:42:23 +0200

The only reason why I keep my curl handle at this point is because I'd like
to benefit from SSL session resumes. I'm testing the SSL handshakes and
find that the SSL sessions are not resumed if I create new curl handles so
reusing the handle looks like a must.

However, reusing the curl handle does not seem to provide 100% SSL session
resume support. According to the OpenSSL trace log of the web server,
libcurl does not seem to update it's SSL session

- if it is not a new handshake but an attempt to resume the SSL session

- if the server does not resume the SSL session for any reason (SSL session
dead, cache miss, etc)

In this case, a new SSL session is created between client and server but it
does not seem to be kept by the libcurl client. This happens now for each
following requests. I can provide the server SSL engine log files if
anybody would be interested.

Any ideas on this? Is this an OpenSSL issue?

Regards,

Cyrill

-------------------------------------------------------
This SF.net email is sponsored by: eBay
Get office equipment for less on eBay!
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
Received on 2003-05-30