On Tue, Dec 23, 2014 at 8:23 PM, Ryan Culpepper <[email protected]> wrote:
> On Dec 23, 2014, at 5:21 AM, Snyder Pearson <[email protected]> wrote:
>
> > I can't see any way to control either client or server-side SSL/TLS session caching using Racket's openssl bindings. I don't really need such control as long as the server-side part of it works as (IIUC) OpenSSL does by default, that is, each server-side SSL context contains a session cache that is populated and used as long as the client side shuts down their SSL sessions properly.
> >
> > Is this understanding correct? Either way, do Racket's openssl bindings work like this?
>
> I'm going off of fuzzy memories, but I think it will not work by default because Racket closes SSL connections without sending the shutdown message, and that's supposed to invalidate the session. (Because it could indicate that an attacker truncated communication before, say, a ChangeCipherSpec message or something similar.)

Thanks! While that's indeed Racket's default behavior, you can override that via the #:shutdown-on-close? parameter of ports->ssl-ports [1]. Also, that only applies to Racket servers talking to clients that also use (the openssl bindings of) Racket, or which otherwise don't send shutdown messages.

So let me slightly reformulate my question: does a Racket TLS server do session caching, provided that clients send shutdown messages appropriately when closing their connections? Or is there anything in the implementation of Racket's openssl bindings that inhibits OpenSSL's default caching behavior?

[1] Thanks again to Matthew Flatt for very helpfully pointing this out to me recently-- and for your amazing work on Racket.
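As an added illustration of the client-side setting the reply refers to (example code, not from the thread or from Racket's own sources): a Racket TLS client built on ports->ssl-ports with #:shutdown-on-close? #t, so that closing the ports sends the TLS shutdown (close_notify) alert instead of silently dropping the connection, which is the condition under which an OpenSSL server keeps the session in its cache rather than invalidating it. The host, port and HTTP request are placeholder assumptions.

```racket
#lang racket
(require racket/tcp openssl)

;; Open a TLS client connection whose ports send the TLS shutdown alert
;; when closed. The default for ports->ssl-ports is #:shutdown-on-close? #f,
;; which is the behavior the thread describes (no shutdown message sent).
(define (tls-connect/clean-shutdown host port
                                    #:context [ctx (ssl-make-client-context)])
  (define-values (raw-in raw-out) (tcp-connect host port))
  (ports->ssl-ports raw-in raw-out
                    #:mode 'connect
                    #:context ctx
                    #:close-original? #t       ; also close the TCP ports
                    #:shutdown-on-close? #t))  ; send close_notify on close

;; One short request/response exchange followed by a clean close.
;; Assumption: the peer is an HTTPS server (placeholder host/port below).
(define (talk host port)
  (define-values (in out) (tls-connect/clean-shutdown host port))
  (write-bytes #"HEAD / HTTP/1.0\r\n\r\n" out)
  (flush-output out)
  (define status-line (read-line in 'return-linefeed))
  (close-output-port out)  ; closing the SSL ports triggers the shutdown alert
  (close-input-port in)
  status-line)

;; Two consecutive connections to the same server: because the first one
;; ends with a proper shutdown, the server's OpenSSL session cache is free
;; to resume the session for the second (subject to the server's config).
(module+ main
  (define host "example.invalid")  ; placeholder
  (define port 443)                ; placeholder
  (displayln (talk host port))
  (displayln (talk host port)))
```

Whether the server actually resumed the session is not visible through these ports; it has to be observed on the server side.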
____________________ Racket Users list: http://lists.racket-lang.org/users

