What is Session Resumption?
An SSL handshake is expensive and consists of several steps. And many typical browser operations close the client connection after each page access, so the handshake must be performed for every new page. Session resumption allows cipher key details from a previous session to be used again. This bypasses some of the more expensive SSL operations (like the client key exchange step). It’s worth it for any embedded system, just due to this fact. The one negative for session resumption is that the cipher keys are used for much longer (around 1 day – but this is compile-time configurable – see mconf->SSL Library->Session expiry time) and so are more susceptible to attack. axTLS supports session renegotiation as well. All build modes except skeleton mode support session resumption, and the number of sessions that are cached is run-time configurable.