cURL / Mailing Lists / curl-users / Single Mail

curl-users

RE: Question regarding using the ssl sessionid usage

From: Niranjan Ramakrishnan <willowbreaker_at_hotmail.com>
Date: Wed, 1 Apr 2009 12:21:48 -0700

From what I understood from Daniel's input in the question, the sessionid will be reused only for the next SSL handshake when the earlier connection has been closed. As far as I understand , the sessionid will be reused across multiple handshakes by default and that this feature can be disabled with the --no-sessionid flag.

Am I missing something here ?

Thanks

Date: Wed, 1 Apr 2009 13:04:28 -0500
Subject: Re: Question regarding using the ssl sessionid usage
From: pekowski_at_gmail.com
To: curl-users_at_cool.haxx.se

2009/4/1 Niranjan Ramakrishnan willowbreaker_at_hotmail.com

REQUEST

/usr/local/bin/curl --verbose -k --url https://www.google.com - In the ClientHello , I see sessionid length as 0 - As expected.

The ServerHello sends a sessionid

I resend the request

/usr/local/bin/curl --verbose -k --url https://www.google.com - In the ClientHello , I see sessionid length as 0 - I would expect it to reuse the sessionid that was sent previously.

Please let me know if I am doing something wrong.

SSL sessions are not saved across separate invocations of the curl command line. This is fairly standard practice. The SSL sessions are part of the Open SSL library whose cache only exists for as long as the process lives. If you want SSL sessions to be reused, then you should look into making each request come from the same process. This can be done by using libcurl. There are many language bindings for libcurl including Perl, my personal favorite. You would simply write a script that makes each HTTP request in sequence. You will find that the SSL session is reused on the subsequent requests. There are simple examples to be found of how to make an HTTP request using the Perl language bindings.

There is one question that comes to mind. Why do you care? The overhead in creating a brand new curl command line process is probably as long or longer than creating the SSL session, at least from the client side. It does add some overhead to the server, but again, are you sure there is a problem with this? Are you planning on a high rate of transactions? Or maybe the server caches the user identity based upon the SSL session, rare, but not unheard of.

Ray
_________________________________________________________________
Windows Live�: Keep your life in sync.
http://windowslive.com/explore?ocid=TXT_TAGLM_WL_allup_1a_explore_042009

-------------------------------------------------------------------
List admin: http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2009-04-01

This message: [ Message body ]
Next message: R B: "curl and Javascript based submit form"
Previous message: Ray Pekowski: "Re: Question regarding using the ssl sessionid usage"
In reply to: Ray Pekowski: "Re: Question regarding using the ssl sessionid usage"
Next in thread: Ray Pekowski: "Re: Question regarding using the ssl sessionid usage"
Reply: Ray Pekowski: "Re: Question regarding using the ssl sessionid usage"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]