Sorry for late reply.

On Thu, Nov 10, 2011 at 11:04 AM, Eric Hodel <drbrain / segment7.net> wrote:
>>> I will update the patch to check for the timeout, I did not know it
>>> existed.
>>
>> OpenSSL has a client session cache in SSLContext but it's not so
>> useful because you need to keep Sessions by yourself, and pick proper
>> Session for each server. Here's a sample usage of client session cache:
>>
>> https://github.com/nahi/httpclient/commit/7fc04933961ea3ea5a2aa595172ca7cd29a718f5
>>
>> You would want to implement session cache instead.
>
> I think enabling the session cache is useless for net/http because it is single-connection oriented. Instead, just using an ivar to store the session is OK.
>
> In http://www.openssl.org/docs/ssl/SSL_CTX_set_session_cache_mode.html, enabling SSL_SESS_CACHE_CLIENT says:
>
>> Client sessions are added to the session cache. As there is no reliable way for the OpenSSL library to know whether a session should be reused or which session to choose (due to the abstract BIO layer the SSL engine does not have details about the connection), the application must select the session to be reused by using the SSL_set_session(3) function. This option is not activated by default.
>
> I think for net/http the client session cache is useless. net/http only connects to one server per instance and will only have one context alive at a time, so the cache will not hold more than one session at a time.

Indeed. That's insufficient.

> Instead of jumping through the hoops of the client session cache (cache-managing class, callbacks) it will be easier to store the session in an instance variable after connect() and SSL negotiation (since there can only ever be one item in the cache for net/http) and apply the session from the ivar via SSL_set_session (SSLSocket#session=) when we call connect() again.

I like the new patch. Let's commit it and see how it affects existing servers.

Thank you!