[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-dev] Proposal 195: TLS certificate normalization for Tor 0.2.4.x
On Fri, Mar 9, 2012 at 7:18 PM, George Kadianakis
[...]
> What is the reason we don't like session resumption? Does it still
> makes sense to keep it disabled even after #4436 is implemented?
The main reason not to support session resumption is that, as noted
later in this thread, it can require the server to keep key material
around after the original connection has closed.
Now, we could set an extra-short timeout interval here, I guess. With
a short enough interval, that would be functionally equivalent to what
I proposed, and probably easier to do with OpenSSL via
SSL_CTX_set_timeout() and regular calls to SSL_CTX_flush_sessions().
--
Nick
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev