On Dec 23, 2014, at 5:21 AM, Snyder Pearson <[email protected]> wrote:

> I can't see any way to control either client or server-side SSL/TLS session 
> caching using Racket's openssl bindings.  I don't really need such control as 
> long as the server-side part of it works as (IIUC) OpenSSL does by default, 
> that is, each server-side SSL context contains a session cache that is 
> populated and used as long as the client side shuts down their SSL sessions 
> properly.
> 
> Is this understanding correct?  Either way, do Racket's openssl bindings work 
> like this?

I’m going off of fuzzy memories, but I think it will not work by default 
because Racket closes SSL connections without sending the shutdown message, and 
that’s supposed to invalidate the session. (Because it could indicate that an 
attacker truncated communication before, say, a ChangeCipherSpec message or 
something similar.)

Ryan


____________________
  Racket Users list:
  http://lists.racket-lang.org/users
