[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Proposal 195: TLS certificate normalization for Tor 0.2.4.x



On Mar 10, 2012, at 2:18 AM, George Kadianakis wrote:
> 
> IIRC stateless TLS session resumption does not quire keeping key
> material. The required key material are all stored on the client side.

You're thinking of this RFC5077 or its predecessor RFC4507, which only became implemented in OpenSSL 0.9.9 (http://rt.openssl.org/Ticket/Display.html?id=1574). The usual way to achieve session resumption before that was to keep around (cache) symmetric key data for a predefined period of time. Trouble is that many unixoid OS distributions still ship with a system OpenSSL version < 0.9.9.

Cheers,
Ralf
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev