[openssl-users] Possible to control session reuse from the client?
Viktor Dukhovni
openssl-users at dukhovni.org
Sat Oct 1 16:19:53 UTC 2016
On Sat, Oct 01, 2016 at 04:12:56PM +0000, Salz, Rich wrote:
> Sessions are the server holds the state and the client sends a session-id.
The client always holds (the client side of the) state. What varies
is how much (server) state is also stored at the server.
> Tickets are the client holds the state and sends it to the server.
With tickets the client also stores the server state, encrypted,
so that the server need only hold a decryption key, which is the
same for multiple client sessions.
--
Viktor.
More information about the openssl-users
mailing list