Hi all.
Does mod_ssl ever explicitly turn session ID caching off? At least looking at
the source code, it does not appear to do so. Is this intentional?
e.g. This is where the default cache mode is overrriden...
[from ssl_init_Module() in ssl_engine_init.c]
/*
* Warn the user that he should use the session cache.
* But we can operate without it, of course.
*/
if (mc->nSessionCacheMode == SSL_SCMODE_UNSET) {
ssl_log(s, SSL_LOG_WARN,
"Init: Session Cache is not configured [hint:SSLSessionCache]");
mc->nSessionCacheMode = SSL_SCMODE_NONE;
}
...
But just below this, where each virtual server is configured, we have...
[from ssl_init_ConfigureServer in ssl_engine_init.c]
/*
* Configure additional context ingredients
*/
SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
if (mc->nSessionCacheMode == SSL_SCMODE_UNSET)
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
else
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER);
...
Also, has anyone ever gotten IE to work over SSL when session ID caching is
turned off?
TIA...
regards,
Anshuman.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
