[ovs-dev] [PATCH 2/2] stream-ssl: Enable SSL session caching.

Justin Pettit jpettit at nicira.com
Tue Aug 10 22:22:26 UTC 2010


On Aug 9, 2010, at 4:15 PM, Ben Pfaff wrote:

> +    /* Statistics. */
> +    COVERAGE_INC(ssl_session);
> +    if (SSL_session_reused(sslv->ssl)) {
> +        COVERAGE_INC(ssl_session_reused);
> +    }
> +
> +    /* Delete old session, if any. */
> +    ssl_flush_session(stream);
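Review bot: the comment `/* Delete old session, if any. */` does not explain why the cached entry is dropped even on the `SSL_session_reused()` path, where the old and the new session are normally the same object; since the block below re-adds the session via `SSL_get1_session()`, the comment should state that the flush is there to release the previous reference and refresh the entry (for example after renegotiation), otherwise a reader takes it for a correctness fix rather than reference bookkeeping.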

It wasn't immediately clear to me why you would want to flush the session when it was just reused.  A bit more explanation might help those of us who aren't blessed with being able to spend so much time with the OpenSSL library.

> +    /* Add new session. */
> +    session = SSL_get1_session(sslv->ssl);
> +    if (session) {
> +        shash_add(&client_sessions, stream_get_name(stream), session);
> +        if (shash_count(&client_sessions) > MAX_CLIENT_SESSION_CACHE) {
> +            ssl_delete_session(shash_random_node(&client_sessions));
> +        }
> +    }
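Review bot: the eviction in `if (shash_count(&client_sessions) > MAX_CLIENT_SESSION_CACHE)` runs after `shash_add()`, so `shash_random_node()` can return the node that was just inserted and the `SSL_get1_session()` reference is then taken and dropped for nothing; either evict before the add, or pass the new node to the eviction step so it is skipped. Also, because `SSL_get1_session()` hands back an owned reference, `ssl_delete_session()` has to release it with `SSL_SESSION_free()` or every eviction leaks a session; that function is outside this hunk, so it is worth confirming.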


Since the cache is relatively small, would it be better to delete a random session before adding the new one?  It seems likely that the newest entry is most likely to be reused in our setup.

(The first patch in the series looked good.)

--Justin
