Forum Discussion
ronnieandsandyd
14 years agoNew Contributor
TomaasBark,
I'm not quite sure what you mean by requoting what fhartojo said in the original post.
His invalidate session code made it into the nightly build and, subsequently, the next release (4.0).
The invalidate session has the side-effect I outlined in my first post.
To be more clear, I was suggesting one of fhartojo's more elaborate suggestions (than invalidate the cached ssl session before each attemp to reuse) or a 3rd option be implemented. Here they are, in order, below:
1. invalidate the SSL session if the handshake fails when reusing the session
2. set the enabled cipher suites if it's not using a cached session (I'll be honest. I don't really know what that means)
3. have an "invalidate SSL session between each request" configuration option
I'm not quite sure what you mean by requoting what fhartojo said in the original post.
His invalidate session code made it into the nightly build and, subsequently, the next release (4.0).
The invalidate session has the side-effect I outlined in my first post.
To be more clear, I was suggesting one of fhartojo's more elaborate suggestions (than invalidate the cached ssl session before each attemp to reuse) or a 3rd option be implemented. Here they are, in order, below:
1. invalidate the SSL session if the handshake fails when reusing the session
2. set the enabled cipher suites if it's not using a cached session (I'll be honest. I don't really know what that means)
3. have an "invalidate SSL session between each request" configuration option
Related Content
- 14 years ago
- 16 years ago
Recent Discussions
- 18 days ago