[openssl-users] How to disable SSL session resumption completelly?
Viktor Dukhovni
openssl-users at dukhovni.org
Mon Sep 12 15:02:24 UTC 2016
On Mon, Sep 12, 2016 at 05:35:06PM +0300, Andrey Kulikov wrote:
> I'm using OpenSSL 1.0.2g
> In my client I would like to disable SSL session resumption completely (for
> test purposes).
The odd thing is that on the client side, nothing in OpenSSL does
resumption by default, because OpenSSL does not know which cached
sessions might be appropriate for a given new connection. Client-side
re-use happens only via SSL_set_session(3). Perhaps your application
code is explicitly assigning previous sessions to nascent SSL
connections.
--
VIktor.
More information about the openssl-users
mailing list