[openssl-users] Possible to control session reuse from the client?

Viktor Dukhovni openssl-users at dukhovni.org
Sat Oct 1 16:19:53 UTC 2016

On Sat, Oct 01, 2016 at 04:12:56PM +0000, Salz, Rich wrote:

> Sessions are the server holds the state and the client sends a session-id.

The client always holds (the client side of the) state.  What varies
is how much (server) state is also stored at the server.

> Tickets are the client holds the state and sends it to the server.

With tickets the client also stores the server state, encrypted,
so that the server need only hold a decryption key, which is the
same for multiple client sessions.


More information about the openssl-users mailing list