[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[TLS] SSL session caching & lookups

To: tls@xxxxxxxx
Subject: [TLS] SSL session caching & lookups
From: "Nagendra Modadugu" <ngm+ietf@xxxxxxxxxx>
Date: Thu, 31 Jan 2008 18:30:44 -0800
Delivered-to: tls@xxxxxxxxxxxxxx
List-archive: <http://www.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <http://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <http://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
Sender: tls-bounces@xxxxxxxx

I'd like to get some implementation advice about a matter that is not
covered in the spec.

NSS clients currently only attempt to resume a session if the
following fields match:
* server IP
* server Port
* session ID
* server hostname

Looking up sessions in this manner means that dns-load-balancing
breaks SSL resumes.  Is there a case for checking server IP and port?

nagendra
_______________________________________________
TLS mailing list
TLS@xxxxxxxx
http://www.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] SSL session caching & lookups
  - From: Martin Rex
- Re: [TLS] SSL session caching & lookups
  - From: Yoav Nir

Prev by Date: Re: [TLS] shared secrets from passwords
Next by Date: Re: [TLS] SSL session caching & lookups
Previous by thread: [TLS] shared secrets from passwords
Next by thread: Re: [TLS] SSL session caching & lookups
Index(es):
- Date
- Thread