configure SSL session timeout

This is a multipart message in MIME format.
--=_alternative 00271EF648257092_=
Content-Type: text/plain; charset="us-ascii"

Dear All,

I know the SSL session timeout param can be configured by the directive
"SSLSessionCacheTimeout". Is there any setting or API for the browser or
client application to configure the SSL session timeout param and override
the server's one such that each application can configure their timeout
period of the SSL connection according to their requirement?

Please advise and regards,

KT Chow
--=_alternative 00271EF648257092_=
Content-Type: text/html; charset="us-ascii"



Dear All,



I know the SSL session timeout param can be configured by the directive "SSLSessionCacheTimeout". Is there any setting or API for the browser or client application to configure the SSL session timeout param and override the server's one such that each application can configure their timeout period of the SSL connection according to their requirement?



Please advise and regards,



KT Chow
--=_alternative 00271EF648257092_=--
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: configure SSL session timeout

> I know the SSL session timeout param can be configured by the directive
> "SSLSessionCacheTimeout". Is there any setting or API for the browser or
> client application to configure the SSL session timeout param and overrid=
e
> the server's one such that each application can configure their timeout
> period of the SSL connection according to their requirement?

Nope... not that I know of.

--Cliff
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: configure SSL session timeout

On Thu, Oct 06, 2005 at 09:51:47AM -0400, Cliff Woolley wrote:
> > I know the SSL session timeout param can be configured by the directive
> > "SSLSessionCacheTimeout". Is there any setting or API for the browser or
> > client application to configure the SSL session timeout param and override
> > the server's one such that each application can configure their timeout
> > period of the SSL connection according to their requirement?
>
> Nope... not that I know of.
>
Just to clear this up - both the client and the server choose wether
they want to reuse sessions. SSLSessionCacheTimeout sets how long the
server is willing to reuse a session, but a client may choose not to
reuse the session after a shorter time. When a session expires on the
server, a client may try to reuse the session, but the server won't
allow that.
One example of a client using short session times is IE which would
expire SSL2 sessions really fast, but allow TLSv1 with strong crypto to
live much longer (that experience is a couple of years old, so they've
probably changed the policy many times over since then).

vh

Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org