cache ssl

cache ssl

Post by jaso » Tue, 10 Jun 2003 16:07:43



according to ssl draft 3.0 (found out on
http://wp.netscape.com/eng/ssl3/draft302.txt), it seemly states that
the server would check its session cache with session id sent from
client side; if match is found, the server is willing to re-establish
the connection. does this mean that ssl can be cache?? or any resource
i appreciate any suggestions, sincerely.
 
 
 

cache ssl

Post by Martin Coope » Tue, 10 Jun 2003 16:27:13



> according to ssl draft 3.0 (found out on
> http://wp.netscape.com/eng/ssl3/draft302.txt), it seemly states that
> the server would check its session cache with session id sent from
> client side; if match is found, the server is willing to re-establish
> the connection. does this mean that ssl can be cache?? or any resource
> i appreciate any suggestions, sincerely.

Hi,
        yes, an SSL session can be cached.  According to the O'reilly book
'Network Security with Openssl' ISBN 0-596-00270-X, the main problem
with SSL is the amount of overhead involved in establishing the
connection in the first place.  To cut down on this, session caching is
implemented, so as you say, the server and client will both look for the
cached session and if found, re-use the existing session.  However,
remember that the sessions are only cached for a short period of time,
defaulting to 300 seconds in openssl.

--

   Martin

 
 
 

1. Can Apache Proxy pass/cache SSL HTTPS ?

Perhaps I just haven't had enough caffeine today so I'm not seeing the
obvious.

I've set up Apache with a caching proxy and it does fine when I tell a
browser to use it for HTTP traffic.  Can I use it to proxy (and cache)
SSL traffic?  The proxy wouldn't know what the document URL was so
couldn't even cache the returned encrypted blob in any useful manner;
can it at least pass the SSL traffic through?

(What I'm trying to do right now is test something that seems broken
 with MS-Proxy: NetScape/MSIE works OK but our SSL-oriented application
 fails. I'm trying to determine if the problem is with MS-Proxy or the
 application by setting up an Apache proxy instead of the MS software.)

Thanks.

2. FTAPE and Conner 3200 tape drive w/2nd FDC

3. Pragma "no-cache" and Cache-Control "no-cache"

4. Monster Sound Card

5. Apache+SSL session cache problem

6. Need *calendar* reminder utility

7. Apache halted with SSL Cache overflow

8. netscape mail send but not receives

9. Serving pages from non-SSL server through Netscape SSL

10. Apache-SSL won't compile: Can't find ssl.h!

11. SSL and Auth required, prompts for username BEFORE establishing SSL

12. Apache-ssl or mod-ssl?

13. Replacing SSL Certficates in Apache mod-ssl