Important Notice: Our web hosting provider recently started charging us for additional visits, which was unexpected. In response, we're seeking donations. Depending on the situation, we may explore different monetization options for our Community and Expert Contributors. It's crucial to provide more returns for their expertise and offer more Expert Validated Answers or AI Validated Answers. Learn more about our hosting issue here.

What is Session Resumption?

resumption session
0
Posted

What is Session Resumption?

0 CommentsAdd a Comment

1 Answer

0

An SSL handshake is expensive and consists of several steps. And many typical browser operations close the client connection after each page access, so the handshake must be performed for every new page. Session resumption allows cipher key details from a previous session to be used again. This bypasses some of the more expensive SSL operations (like the client key exchange step). It’s worth it for any embedded system, just due to this fact. The one negative for session resumption is that the cipher keys are used for much longer (around 1 day – but this is compile-time configurable – see mconf->SSL Library->Session expiry time) and so are more susceptible to attack. axTLS supports session renegotiation as well. All build modes except skeleton mode support session resumption, and the number of sessions that are cached is run-time configurable.

0 CommentsAdd a Comment

Related Questions

What is your question?

*Sadly, we had to bring back ads too. Hopefully more targeted.