Default value of a session resumption timeout (300 seconds vs 7200 seconds)

John Thoe johnthoe at outlook.com
Sat Jan 23 15:22:34 UTC 2021


Hi list,

The session reuse question posted on the mailing list earlier (https://mta.openssl.org/pipermail/openssl-users/2021-January/013360.html) reminded me of a somewhat similar question I have.

As per the docs, https://www.openssl.org/docs/man1.0.2/man3/SSL_get_default_timeout.html, it says the default value is 300 seconds for which a session reuse will be accepted. The docs say that it is the same for all protocols.

However I tried it with my setup where I didn't explicitly set the timeout and I am getting 7200 seconds as the default value. s_client output: TLS session ticket lifetime hint: 7200 (seconds). My client openssl.conf has no setting override (not that it should matter because this is a server preference). No OpenSSL settings on the server have been modified as well. 

In ssl/ssl_sess.c#L80, the code matches the document: ss->timeout = 60 * 5 + 4;   /* 5 minute timeout by default */ ... (with additional four seconds?)

I have noticed similar outputs (7200 seconds) from searching about this question, so it seems like I am not the only one. What is the reason for this discrepancy and is the value 300 seconds or 7200 seconds?

- JT

