[openssl-users] Openssl session resumption issue

Viktor Dukhovni openssl-users at dukhovni.org
Tue Mar 31 18:53:44 UTC 2015


On Tue, Mar 31, 2015 at 11:21:02PM +0530, Sahib Jakhar wrote:

> 1. On the client side, even though saving of session using
> PEM_ASN1_write_bio works,

Why are you using PEM_ASN1_write_bio()?

Serialize sessions using i2d_SSL_SESSION(), and then save the
resulting octet string (not a NUL-terminated C string).  If you're
saving multiple sessions, you'll need some sort of suitable key/value
store that supports "binary" (byte array with length) values.

Why are client sessions persisted to disk?

If you must write to disk, make sure the disk file storing the
session data is not world-readable.

Do you really need a server-side session cache?  Or will session
tickets suffice?  If you do need one, something other than a
random-access database will perform very poorly; you need an LMDB
or SQLite store for a disk-based key-value server-side cache.
Something with fast lookups by session id.

> reading it again using PEM_ASN1_read_bio
> always returns NULL pointer for SSL_SESSION.

Why are you using PEM_ASN1_read_bio()?  Read back the byte array
and deserialize using d2i_SSL_SESSION().

-- 
	Viktor.
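
An added example, not part of the original message and not OpenSSL code: the storage half of the advice above, for a single session file. The names save_blob() and load_blob() are hypothetical; it assumes the bytes come from i2d_SSL_SESSION() and go back through d2i_SSL_SESSION(), and that a file readable by group or other should be refused.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Write len raw bytes (e.g. the output of i2d_SSL_SESSION()) to path.
 * The length is explicit, so embedded zero bytes are stored intact. */
int save_blob(const char *path, const unsigned char *buf, size_t len)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    int ok = fchmod(fd, 0600) == 0;   /* also tightens a pre-existing file */
    size_t off = 0;
    while (ok && off < len) {
        ssize_t n = write(fd, buf + off, len - off);
        if (n <= 0) ok = 0; else off += (size_t)n;
    }
    if (close(fd) != 0)
        ok = 0;
    return ok ? 0 : -1;
}

/* Read the file back as a byte array plus length, ready to hand to
 * d2i_SSL_SESSION(). Returns NULL on error or if group/other have any
 * access to the file. The caller frees the result. */
unsigned char *load_blob(const char *path, size_t *len)
{
    struct stat st;
    unsigned char *buf = NULL;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return NULL;
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) &&
        (st.st_mode & 077) == 0 && st.st_size > 0 &&
        (buf = malloc((size_t)st.st_size)) != NULL) {
        size_t off = 0, want = (size_t)st.st_size;
        ssize_t n;
        while (off < want && (n = read(fd, buf + off, want - off)) > 0)
            off += (size_t)n;
        if (off == want) *len = want;
        else { free(buf); buf = NULL; }
    }
    close(fd);
    return buf;
}
```
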

