7 - manipulate generation of SSL session IDs (server only)
24 new session ids for SSL/TLS sessions for B<ctx> to be B<cb>.
27 new session ids for SSL/TLS sessions for B<ssl> to be B<cb>.
29 SSL_has_matching_session_id() checks, whether a session with id B<id>
30 (of length B<id_len>) is already contained in the internal session cache
35 When a new session is established between client and server, the server
36 generates a session id. The session id is an arbitrary sequence of bytes.
37 The length of the session id is between 1 and 32 bytes.  The session id is not
38 security critical but must be unique for the server. Additionally, the session id is
39 transmitted in the clear when reusing the session so it must not contain
43 session id from pseudo random numbers of the maximum possible length.
44 Using the callback function, the session id can be changed to contain
59 Since the sessions must be distinguished, session ids must be unique.
61 of generating the same session id is extremely small (2^256 for SSLv3/TLSv1).
62 In order to assure the uniqueness of the generated session id, the callback must call
66 a unique sequence number into the session id, uniqueness could easily be
73 SSL_has_matching_session_id() will only query the internal session cache,
74 not the external one. Since the session id is generated before the
76 another thread is using the same internal session cache, a race condition
77 can occur in that another thread generates the same session id.
78 Collisions can also occur when using an external session cache, since
82 The callback must return 0 if it cannot generate a session id for whatever
90 SSL_has_matching_session_id() returns 1 if another session with the
95 The callback function listed will generate a session id with the
111           * anyway, e.g. the server could only possibly create 1 session
112           * ID (i.e. the prefix!) so all future session negotiations will

Last Index update Mon Nov 25 22:09:01 UTC 2024

Dedicated to & Maintained by Room-11