Session Expiry Times

Session Expiry Times

May 10, 2004

Update: Fixed in 1.1

Background
SSL session resumption allows session keys to be cached after a session is closed. Future sessions can be negotiated much more quickly, without an expensive private key operation with this functionality. MatrixSSL does not automatically flush cached session information based on a fixed time period.

Solution
Sessions are deleted based on their age in the session cache; once it is full, the oldest unused session data is deleted and must be re-negotiated by a client reconnecting. Cache entries are also cleared if there was an error on the SSL connection of any kind, or if the SSL server process is restarted. ARC4 cipher data throughput is also monitored to force re-keying after a maximum safe amount of data is encrypted (MatrixSSL block ciphers do not require this restriction). A future MatrixSSL release will prevent the lookup of sessions that are "stale" by a predetermined period (several days) time.

Workaround
The session cache may be periodically flushed manually if desired by the calling application.

Subscribe

Subscribe via RSS.

Tags

News (22) Releases (50)

Recent Posts

About

MatrixSSL™ is an embedded SSL and TLS implementation designed for small footprint applications and devices.

Links

Company

Copyright (c) INSIDE Secure Corp., 2002-2017. All Rights Reserved.