EldoS | Feel safer!

Software components for data protection, secure storage and transfer

SSL SESSION Caching

#9169
Posted: 03/06/2009 09:01:10
by Sandeep Mohan (Standard support level)
Joined: 02/25/2009
Posts: 46

I am trying to use session caching. I have an SSL server which provides session caching. How do I achieve that on the client using SSLBlackbox?

#9171
Posted: 03/06/2009 09:44:01
by Ken Ivanov (EldoS Corp.)

It depends on the exact class you are using. If it is an ElSecureClient class, use its Join and Resume methods. If it is an ElSimpleFTPSClient, please use its UseSSLSessionResumption property.
#9263
Posted: 03/13/2009 08:48:24
by Sandeep Mohan (Standard support level)
Joined: 02/25/2009
Posts: 46

I looked at the documentation for ElSecureClient for the Join and Resume methods. They, however, don't state when to use them.

How and when do I use them? Is there a sample for this?

#9265
Posted: 03/13/2009 09:01:55
by Ken Ivanov (EldoS Corp.)

In general terms, you should pass the instance of the ElSecureClient object that already had a secure session established (either active or closed) to the Join() method of the new ElSecureClient object. Then call the Resume() method of the second ElSecureClient object to make it connect using the secure parameters of the session negotiated by the first ElSecureClient object.
#9294
Posted: 03/16/2009 10:58:07
by Sandeep Mohan (Standard support level)
Joined: 02/25/2009
Posts: 46

Is there a way to not close the SSL connection and socket using ElSecureClient? I noticed that Close() is automatically called after data is received from the server.
#9295
Posted: 03/16/2009 11:54:13
by Eugene Mayevski (EldoS Corp.)

ElSecureClient doesn't have a socket (nor does it control one). The SSL session might be closed by the remote side or by your socket code.


Sincerely yours
Eugene Mayevski
#9299
Posted: 03/17/2009 09:47:23
by Sandeep Mohan (Standard support level)
Joined: 02/25/2009
Posts: 46

Thanks. I checked the server code and saw that I was sending a shutdown, which in turn closes the SSL connection.
I have a server and a client. The server does NOT use SSLBlackbox. The server opens a socket and starts listening. The client makes an SSL connection and sends data and receives data. At this time I am keeping the SSL session open, because the connection between the server and client is supposed to be active and the server does not service multiple clients. I am trying to send more data to the server using the same SSL session through SecureClient.SendData, which did not work. Am I missing something?

#9300
Posted: 03/17/2009 12:09:30
by Sandeep Mohan (Standard support level)
Joined: 02/25/2009
Posts: 46

I would like to know how to use the same SecureClient object to send additional data to the server and receive data back from the server without having to bear the burden of opening a new connection. The server does not send a close_notify until the server is terminated, thus enabling the SSL session on the client to be active after sending the initial request.
#9307
Posted: 03/18/2009 00:33:25
by Ken Ivanov (EldoS Corp.)

If the physical (TCP) session is closed after the first data exchange, then you need to reconnect the socket first. Then call the ElSecureClient.Resume() method to resume the previous SSL session. If it is the same ElSecureClient object that was used for the first connection, you do not need to call its Join() method prior to resuming.
#9313
Posted: 03/18/2009 05:40:41
by Sandeep Mohan (Standard support level)
Joined: 02/25/2009
Posts: 46

The Winsock connection state is 7, which is send and receive, and the ElSecureClient is ACTIVE. But ElSecureClient.Resume gave me an error. I had to do an ElSecureClient.Join before calling Resume. Once I called Resume, even though the TCP connection was open, it did not send anything down to the server. It does trigger the OnSend event when I do a Resume.
The server is set to accept renegotiations.
I don't understand why we need renegotiation, which is nothing but a rehandshake, which is mostly used if the client needs to be authenticated again. The client is active and just performed an SSL handshake, so why should the client have to renegotiate again? Why can it not just use the active connection to send more data?
