[tor-dev] Proposal 195: TLS certificate normalization for Tor 0.2.4.x

Ralf-Philipp Weinmann ralf at coderpunks.org
Sun Mar 11 02:24:58 UTC 2012


On Mar 10, 2012, at 2:18 AM, George Kadianakis wrote:
> 
> IIRC stateless TLS session resumption does not quire keeping key
> material. The required key material are all stored on the client side.

You're thinking of this RFC5077 or its predecessor RFC4507, which only became implemented in OpenSSL 0.9.9 (http://rt.openssl.org/Ticket/Display.html?id=1574). The usual way to achieve session resumption before that was to keep around (cache) symmetric key data for a predefined period of time. Trouble is that many unixoid OS distributions still ship with a system OpenSSL version < 0.9.9.

Cheers,
Ralf


More information about the tor-dev mailing list