cURL / Mailing Lists / curl-library / Single Mail

curl-library

RE: How do I enforce a new SSL Session ID at each connection establishment

From: Shmulik Regev <shmulbox_at_gmail.com>
Date: Mon, 10 Jul 2006 19:37:33 +0200

Controlling the session expiration policy is best left to the server side
rather than the client side. With Apache such parameters can be easily set.
Note that even if the (OpenSSL based) client caches an out-dated session ID
and sends it in the handshake the server may respond with a new session ID
which the client should (and indeed OpenSSL does) respect.

Cheers,
Shmul
Received on 2006-07-10