On Mar 10, 2012, at 2:18 AM, George Kadianakis wrote:
> IIRC stateless TLS session resumption does not require keeping key material. The required key material is all stored on the client side.
You're thinking of this RFC5077 or its predecessor RFC4507, which only became implemented in OpenSSL 0.9.9 (http://rt.openssl.org/Ticket/Display.html?id=1574). The usual way to achieve session resumption before that was to keep around (cache) symmetric key data for a predefined period of time. Trouble is that many unixoid OS distributions still ship with a system OpenSSL version < 0.9.9.
Cheers, Ralf