SSL_CTX_SET_SESSION_CACHE_MODOpenSSL_CTX_SET_SESSION_CACHE_MODE(3)
SSL_CTX_set_session_cache_mode,
SSL_CTX_get_session_cache_mode - enable/disable session
caching
#include <openssl/ssl.h>
long SSL_CTX_set_session_cache_mode(SSL_CTX ctx, long mode);
long SSL_CTX_get_session_cache_mode(SSL_CTX ctx);
SSL_CTX_set_session_cache_mode() enables/disables session
caching by setting the operational mode for ctx to <mode>.
SSL_CTX_get_session_cache_mode() returns the currently used
cache mode.
The OpenSSL library can store/retrieve SSL/TLS sessions for
later reuse. The sessions can be held in memory for each
ctx, if more than one SSL_CTX object is being maintained,
the sessions are unique for each SSL_CTX object.
In order to reuse a session, a client must send the
session's id to the server. It can only send exactly one id.
The server then either agrees to reuse the session or it
starts a full handshake (to create a new session).
A server will lookup up the session in its internal session
storage. If the session is not found in internal storage or
lookups for the internal storage have been deactivated
(SSL_SESS_CACHE_NO_INTERNAL_LOOKUP), the server will try the
external storage if available.
Since a client may try to reuse a session intended for use
in a different context, the session id context must be set
by the server (see SSL_CTX_set_session_id_context(3)).
The following session cache modes and modifiers are avail-
able:
SSL_SESS_CACHE_OFF
No session caching for client or server takes place.
SSL_SESS_CACHE_CLIENT
Client sessions are added to the session cache. As there
is no reliable way for the OpenSSL library to know
whether a session should be reused or which session to
choose (due to the abstract BIO layer the SSL engine
does not have details about the connection), the appli-
cation must select the session to be reused by using the
MirBSD #10-current 2005-02-05 1
SSL_CTX_SET_SESSION_CACHE_MODOpenSSL_CTX_SET_SESSION_CACHE_MODE(3)
SSL_set_session(3) function. This option is not
activated by default.
SSL_SESS_CACHE_SERVER
Server sessions are added to the session cache. When a
client proposes a session to be reused, the server looks
for the corresponding session in (first) the internal
session cache (unless SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
is set), then (second) in the external cache if avail-
able. If the session is found, the server will try to
reuse the session. This is the default.
SSL_SESS_CACHE_BOTH
Enable both SSL_SESS_CACHE_CLIENT and
SSL_SESS_CACHE_SERVER at the same time.
SSL_SESS_CACHE_NO_AUTO_CLEAR
Normally the session cache is checked for expired ses-
sions every 255 connections using the
SSL_CTX_flush_sessions(3) function. Since this may lead
to a delay which cannot be controlled, the automatic
flushing may be disabled and SSL_CTX_flush_sessions(3)
can be called explicitly by the application.
SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
By setting this flag, session-resume operations in an
SSL/TLS server will not automatically look up sessions
in the internal cache, even if sessions are automati-
cally stored there. If external session caching call-
backs are in use, this flag guarantees that all lookups
are directed to the external cache. As automatic lookup
only applies for SSL/TLS servers, the flag has no effect
on clients.
SSL_SESS_CACHE_NO_INTERNAL_STORE
Depending on the presence of SSL_SESS_CACHE_CLIENT
and/or SSL_SESS_CACHE_SERVER, sessions negotiated in an
SSL/TLS handshake may be cached for possible reuse. Nor-
mally a new session is added to the internal cache as
well as any external session caching (callback) that is
configured for the SSL_CTX. This flag will prevent ses-
sions being stored in the internal cache (though the
application can add them manually using
SSL_CTX_add_session(3)). Note: in any SSL/TLS servers
where external caching is configured, any successful
session lookups in the external cache (ie. for session-
resume requests) would normally be copied into the local
cache before processing continues - this flag prevents
these additions to the internal cache as well.
SSL_SESS_CACHE_NO_INTERNAL
Enable both SSL_SESS_CACHE_NO_INTERNAL_LOOKUP and
MirBSD #10-current 2005-02-05 2
SSL_CTX_SET_SESSION_CACHE_MODOpenSSL_CTX_SET_SESSION_CACHE_MODE(3)
SSL_SESS_CACHE_NO_INTERNAL_STORE at the same time.
The default mode is SSL_SESS_CACHE_SERVER.
SSL_CTX_set_session_cache_mode() returns the previously set
cache mode.
SSL_CTX_get_session_cache_mode() returns the currently set
cache mode.
ssl(3), SSL_set_session(3), SSL_session_reused(3),
SSL_CTX_add_session(3), SSL_CTX_sess_number(3),
SSL_CTX_sess_set_cache_size(3), SSL_CTX_sess_set_get_cb(3),
SSL_CTX_set_session_id_context(3), SSL_CTX_set_timeout(3),
SSL_CTX_flush_sessions(3)
SSL_SESS_CACHE_NO_INTERNAL_STORE and
SSL_SESS_CACHE_NO_INTERNAL were introduced in OpenSSL
0.9.6h.
MirBSD #10-current 2005-02-05 3