We're using the standard internal session (maintained per SSL_CTX object); not tickets.
We're seeing that the sessions are shared, a refcount is maintained, but that SSL does modified fields within a session while it's being used. Most notably an address sanitizer build found the EC point stuff being mangled. It seems there are bugs in the OpenSSL stuff. /r$ -- Principal Security Engineer Akamai Technologies, Cambridge MA IM: rs...@jabber.me Twitter: RichSalz ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org