> I am implementing a HTTPS client software using SSLeay 0.8.1, which > "talks" to secure web servers. > > Now I am trying to optimize the performance, and it looks like > generating of "handshake" for each time I access the same server > is an overhead, and there should be a way to reuse the crypto > information between the requests, so that after the first time > only encryption and decryption of HTTP information will be performed. > > So, I have a few questions: > > * Is that possible at all with SSLeay? Yes. Look for the session cache. > * Is that true that the handshake and keys generation is done > upon the call to SSL_connect() ? > > * How can I reuse the "active" handshake information? > Where is it stored? > > * Is there any way to know whether this information is still valid > for the server (I guess the server's policy will be invalidation > after some timeout...) ? Not directly. But if the server discarded the information it will not accept the session id and SSleay will generate a fresh key. > * Is Keep-Alive option in HTTP (reuse of the same socket for the > connection) actually required to do the trick I want to, or is it > possible to do that without Keep-Alive? Works without Keep-Alive too. > Thanks in advance, > > Max. > Software Developer - Mercury Interactive Israel > [EMAIL PROTECTED] or [EMAIL PROTECTED] -- read you later - Holger Reif ------------------------------------ Signaturprojekt Deutsche Einheit TU Ilmenau - Informatik - Telematik (Verdamp lang her) [EMAIL PROTECTED] Alt wie ein Baum werden, um ueber Remus.PrakInf.TU-Ilmenau.DE/Reif/ alle 7 Bruecken gehen zu koennen +-------------------------------------------------------------------------+ | Administrative requests should be sent to [EMAIL PROTECTED] | | List service provided by Open Software Associates, http://www.osa.com/ | +-------------------------------------------------------------------------+
