[tor-dev] Proposal 195: TLS certificate normalization for Tor 0.2.4.x

Nick Mathewson nickm at alum.mit.edu
Mon Mar 12 17:23:14 UTC 2012


On Fri, Mar 9, 2012 at 7:18 PM, George Kadianakis
 [...]
> What is the reason we don't like session resumption? Does it still
> make sense to keep it disabled even after #4436 is implemented?

The main reason not to support session resumption is that, as noted
later in this thread, it can require the server to keep key material
around after the original connection has closed.

Now, we could set an extra-short timeout interval here, I guess.  With
a short enough interval, that would be functionally equivalent to what
I proposed, and probably easier to do with OpenSSL via
SSL_CTX_set_timeout() and regular calls to SSL_CTX_flush_sessions().

-- 
Nick
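
Added example, not part of the original message and not Tor or OpenSSL code: a self-contained toy model of the trade-off discussed above, showing how a short timeout plus regular flushes bounds how long resumable key material stays in memory. All names are hypothetical; only the roles of SSL_CTX_set_timeout() and SSL_CTX_flush_sessions() are taken from the message.

```c
#include <stddef.h>
#include <string.h>

/* Toy model with hypothetical names; this is not OpenSSL or Tor code. */
#define MAX_SESSIONS 8
#define SECRET_LEN 48            /* length of a TLS master secret */

struct session {
    int in_use;
    long created;                      /* when the handshake completed */
    unsigned char secret[SECRET_LEN];  /* key material kept for resumption */
};

struct cache {
    long timeout;                      /* the value SSL_CTX_set_timeout() sets */
    struct session s[MAX_SESSIONS];
};

/* Zero through a volatile pointer so the compiler cannot drop the wipe. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Cache a session created at `now`; returns its slot, or -1 if full. */
int cache_add(struct cache *c, long now, unsigned char fill) {
    for (int i = 0; i < MAX_SESSIONS; i++) {
        if (c->s[i].in_use) continue;
        c->s[i].in_use = 1;
        c->s[i].created = now;
        memset(c->s[i].secret, fill, SECRET_LEN);  /* constructed secret */
        return i;
    }
    return -1;
}

/* The job SSL_CTX_flush_sessions() does: evict entries expired at `now`.
 * A secret therefore lives at most timeout + (interval between flushes). */
int cache_flush(struct cache *c, long now) {
    int removed = 0;
    for (int i = 0; i < MAX_SESSIONS; i++) {
        if (c->s[i].in_use && c->s[i].created + c->timeout <= now) {
            wipe(&c->s[i], sizeof c->s[i]);   /* also clears in_use */
            removed++;
        }
    }
    return removed;
}
```

With a 30-second timeout and a flush every 10 seconds, no cached secret outlives its handshake by more than 40 seconds in this model.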