From: Eric Hodel
Date: 2011-10-26T11:39:03+09:00
Subject: [ruby-core:40396] [ruby-trunk - Feature #5341] Add SSL session reuse to Net::HTTP

Issue #5341 has been updated by Eric Hodel.

=begin
Net::HTTP objects can be reused. You may start and finish a connection as many times as you like (the net-http-persistent gem works this way).

Currently the SSLSession can only be initialized once due to OpenSSL restrictions. To change the values you must make a new Net::HTTP object, so I think changing this behavior (if it is needed) is a separate issue.

  $ cat test.rb
  require 'socket'
  require 'openssl'

  key = OpenSSL::PKey::RSA.new 256
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 0
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.public_key = key.public_key
  cert.subject = OpenSSL::X509::Name.parse 'CN=nobody/DC=example'

  store = OpenSSL::X509::Store.new
  store.set_default_paths

  socket = TCPSocket.new 'localhost', 80 # any open port will do
  ssl_context = OpenSSL::SSL::SSLContext.new
  ssl_socket = OpenSSL::SSL::SSLSocket.new socket, ssl_context

  def try ssl_context, params
    ssl_context.set_params params
  rescue
    p params.keys.first => $!.message
  end

  try ssl_context, :@ssl_version => 3
  try ssl_context, :@key => key
  try ssl_context, :@cert => cert
  try ssl_context, :@ca_file => '/nonexistent/file'
  try ssl_context, :@ca_path => '/nonexistent/path'
  try ssl_context, :@cert_store => store
  try ssl_context, :@ciphers => []
  try ssl_context, :@verify_mode => OpenSSL::SSL::VERIFY_PEER
  try ssl_context, :@verify_callback => proc { |x| }
  try ssl_context, :@verify_depth => 2
  try ssl_context, :@ssl_timeout => 99
  $ make runruby
  ./miniruby -I./lib -I. -I.ext/common ./tool/runruby.rb --extout=.ext -- --disable-gems ./test.rb
  {:@ssl_version=>"can't modify frozen OpenSSL::SSL::SSLContext"}
  {:@key=>"can't modify frozen OpenSSL::SSL::SSLContext"}
  {:@cert=>"can't modify frozen OpenSSL::SSL::SSLContext"}
  {:@ca_file=>"can't modify frozen OpenSSL::SSL::SSLContext"}
  {:@ca_path=>"can't modify frozen OpenSSL::SSL::SSLContext"}
  {:@cert_store=>"can't modify frozen OpenSSL::SSL::SSLContext"}
  {:@ciphers=>"can't modify frozen OpenSSL::SSL::SSLContext"}
  {:@verify_mode=>"can't modify frozen OpenSSL::SSL::SSLContext"}
  {:@verify_callback=>"can't modify frozen OpenSSL::SSL::SSLContext"}
  {:@verify_depth=>"can't modify frozen OpenSSL::SSL::SSLContext"}
  {:@ssl_timeout=>"can't modify frozen OpenSSL::SSL::SSLContext"}
  $ ./miniruby -v
  ruby 2.0.0dev (2011-10-25 trunk 33524) [x86_64-darwin11.1.0]

I will update the patch to check for the timeout, I did not know it existed.

With this code:

https://github.com/drbrain/net-http-persistent/blob/master/lib/net/http/persistent/ssl_reuse.rb

I was only able to reproduce the issue on Ruby 1.9.1, not Ruby 1.8.7, 1.9.2, 1.9.3 or ruby trunk.
=end

----------------------------------------
Feature #5341: Add SSL session reuse to Net::HTTP
http://redmine.ruby-lang.org/issues/5341

Author: Eric Hodel
Status: Open
Priority: Normal
Assignee:
Category: lib
Target version: 1.9.4

SSL session reuse allows reconnection to an HTTPS server to avoid an SSL handshake which avoids extra computations and network round-trips and increases the performance of SSL connections.

--
http://redmine.ruby-lang.org
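
The session reuse described in the issue summary, as an added example that is not part of the original message or of the proposed Net::HTTP patch: two connections share one client SSLContext (frozen once the first SSLSocket is created, as the transcript shows) and the second offers the session saved from the first. Assumptions: the helper names make_cert and demo_session_reuse are hypothetical, the certificate is a constructed self-signed one for a local server on 127.0.0.1, and the client is capped at TLS 1.2.

```ruby
require 'socket'
require 'openssl'

# Constructed throwaway key and self-signed certificate for a local server.
def make_cert
  key = OpenSSL::PKey::RSA.new 2048
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse '/CN=localhost'
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.public_key = key.public_key
  cert.sign key, OpenSSL::Digest.new('SHA256')
  [key, cert]
end

# Connects twice through one client SSLContext; returns session_reused? each.
def demo_session_reuse
  key, cert = make_cert
  server_ctx = OpenSSL::SSL::SSLContext.new
  server_ctx.key = key
  server_ctx.cert = cert
  tcp = TCPServer.new '127.0.0.1', 0
  server = OpenSSL::SSL::SSLServer.new tcp, server_ctx
  acceptor = Thread.new { 2.times { c = server.accept; c.gets; c.close } }
  client_ctx = OpenSSL::SSL::SSLContext.new
  client_ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  client_ctx.cert_store = OpenSSL::X509::Store.new.tap { |s| s.add_cert cert }
  # TLS 1.2 hands over the session during the handshake, keeping this short.
  client_ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
  session = nil
  results = Array.new(2) do
    raw = TCPSocket.new '127.0.0.1', tcp.addr[1]
    ssl = OpenSSL::SSL::SSLSocket.new raw, client_ctx # freezes client_ctx
    ssl.sync_close = true
    ssl.session = session if session # offer the saved session before connect
    ssl.connect
    reused = ssl.session_reused?
    session = ssl.session
    ssl.puts 'hi'
    ssl.close
    reused
  end
  acceptor.join
  tcp.close
  results
end

p demo_session_reuse if $PROGRAM_NAME == __FILE__
```

The first connection performs a full handshake and the second resumes, so certificate verification settings must already be correct on the shared context before the first socket is created.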