Issue #5341 has been updated by Martin Bosslet.


Eric Hodel wrote:
> On Oct 26, 2011, at 6:06 AM, Hiroshi Nakamura wrote:
>  > On 10/26/2011 11:39 AM, Eric Hodel wrote:

>  I think enabling the session cache is useless for net/http because it is single-connection oriented.  Instead, just using an ivar to store the session is OK.
>  
>  In http://www.openssl.org/docs/ssl/SSL_CTX_set_session_cache_mode.html, enabling SSL_SESS_CACHE_CLIENT says:
>  
>  > Client sessions are added to the session cache. As there is no reliable way for the OpenSSL library to know whether a session should be reused or which session to choose (due to the abstract BIO layer the SSL engine does not have details about the connection), the application must select the session to be reused by using the SSL_set_session(3) function. This option is not activated by default.
>  
>  
>  I think for net/http the client session cache is useless.  net/http only connects to one server per instance and will only have one context alive at a time, so the cache will not hold more than one session at a time.
>  
>  Instead of jumping through the hoops of the client session cache (cache-managing class, callbacks) it will be easier to store the session in an instance variable after connect() and SSL negotiation (since there can only ever be one item in the cache for net/http) and apply the session from the ivar via SSL_set_session (SSLSocket#session

We had already discussed some of this on IRC. I looked into the TLS RFCs a couple of days back, and from the discussion and the RFC I conclude the same as Eric, that keeping the session as an instance variable should suffice.


----------------------------------------
Feature #5341: Add SSL session reuse to Net::HTTP
http://redmine.ruby-lang.org/issues/5341

Author: Eric Hodel
Status: Open
Priority: Normal
Assignee: 
Category: lib
Target version: 1.9.4


SSL session reuse allows reconnection to an HTTPS server to avoid an SSL handshake, which avoids extra computations and network round-trips and increases the performance of SSL connections.


-- 
http://redmine.ruby-lang.org
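
The approach discussed in this thread (keep the negotiated session in an instance variable and apply it with SSLSocket#session= on reconnect), as an added Ruby example that is not code from the issue or from net/http. ReusingClient, make_cert and demo are hypothetical names, the loopback server and its certificate are constructed, and the client is capped at TLS 1.2 as a simplifying assumption.

```ruby
require "openssl"
require "socket"

# Constructed throwaway key and self-signed certificate for a loopback server.
def make_cert
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=localhost")
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [key, cert]
end

# Hypothetical client: one server per instance, so one ivar holds the session.
class ReusingClient
  def initialize(host, port, trusted_cert)
    @host, @port, @session = host, port, nil
    @ctx = OpenSSL::SSL::SSLContext.new
    @ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
    # The store trusts only the server's own certificate (pinned for the demo).
    @ctx.cert_store = OpenSSL::X509::Store.new.add_cert(trusted_cert)
    # TLS 1.3 sends tickets after the handshake; cap at 1.2 to keep this short.
    @ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
  end

  # Handshakes once and returns true if the stored session was resumed.
  def connect
    ssl = OpenSSL::SSL::SSLSocket.new(TCPSocket.new(@host, @port), @ctx)
    ssl.sync_close = true
    ssl.session = @session if @session # SSL_set_session, before the handshake
    ssl.connect
    @session = ssl.session             # keep for the next reconnect
    ssl.session_reused?
  ensure
    ssl&.close
  end
end

# Starts a loopback TLS server, connects twice, returns both reuse flags.
def demo
  key, cert = make_cert
  sctx = OpenSSL::SSL::SSLContext.new
  sctx.key, sctx.cert = key, cert
  server = OpenSSL::SSL::SSLServer.new(TCPServer.new("127.0.0.1", 0), sctx)
  Thread.new { loop { server.accept.close rescue nil } }
  client = ReusingClient.new("127.0.0.1", server.addr[1], cert)
  [client.connect, client.connect]
end
```

Calling demo returns the reuse flag of the first (full) handshake and of the second (resumed) one; no client session cache or callbacks are involved.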