We're using the standard internal session (maintained per SSL_CTX object); not
tickets.
We're seeing that the sessions are shared, a refcount is maintained, but that
SSL does modified fields within a session while it's being used. Most notably
an address sanitizer build found the EC point stuff being mangled.
It seems there are bugs in the OpenSSL stuff.
/r$
--
Principal Security Engineer
Akamai Technologies, Cambridge MA
IM: rs...@jabber.me Twitter: RichSalz
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
