[openssl-users] How to disable SSL session resumption completelly?

Viktor Dukhovni openssl-users at dukhovni.org
Mon Sep 12 15:02:24 UTC 2016

On Mon, Sep 12, 2016 at 05:35:06PM +0300, Andrey Kulikov wrote:

> I'm using OpenSSL 1.0.2g
> In my client I would like to disable SSL session resumption completely (for
> test purposes).

The odd thing is that on the client side, nothing in OpenSSL does
resumption by default, because OpenSSL does not know which cached
sessions might be appropriate for a given new connection.  Client-side
re-use happens only via SSL_set_session(3).  Perhaps your application
code is explicitly assigning previous sessions to nascent SSL


More information about the openssl-users mailing list