From: Hiroshi Nakamura
Date: 2012-07-25T22:45:46+09:00
Subject: [ruby-core:46765] Re: [ruby-trunk - Feature #5341] Add SSL session reuse to Net::HTTP

Sorry for late reply.

On Thu, Nov 10, 2011 at 11:04 AM, Eric Hodel wrote:
>>> I will update the patch to check for the timeout, I did not know it
>>> existed.
>>
>> OpenSSL has a client session cache in SSLContext but it's not so
>> useful because you need to keep Sessions by yourself, and pick proper
>> Session for each server. Here's a sample usage of client session cache:
>>
>> https://github.com/nahi/httpclient/commit/7fc04933961ea3ea5a2aa595172ca7cd29a718f5
>>
>> You would want to implement session cache instead.
>
> I think enabling the session cache is useless for net/http because it is single-connection oriented. Instead, just using an ivar to store the session is OK.
>
> In http://www.openssl.org/docs/ssl/SSL_CTX_set_session_cache_mode.html, enabling SSL_SESS_CACHE_CLIENT says:
>
>> Client sessions are added to the session cache. As there is no reliable way for the OpenSSL library to know whether a session should be reused or which session to choose (due to the abstract BIO layer the SSL engine does not have details about the connection), the application must select the session to be reused by using the SSL_set_session(3) function. This option is not activated by default.
>
>
> I think for net/http the client session cache is useless. net/http only connects to one server per instance and will only have one context alive at a time, so the cache will not hold more than one session at a time.

Indeed. That's insufficient.

> Instead of jumping through the hoops of the client session cache (cache-managing class, callbacks) it will be easier to store the session in an instance variable after connect() and SSL negotiation (since there can only ever be one item in the cache for net/http) and apply the session from the ivar via SSL_set_session (SSLSocket#session=) when we call connect() again.

I like the new patch. Let's commit it and see how it affects existing servers. Thank you!
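
The ivar approach discussed in this message, as an added example that is not part of the original e-mail or of the Net::HTTP patch: a client keeps its one session in an instance variable, offers it through `SSLSocket#session=` only while it is inside its timeout, and checks `session_reused?`. The names `OneHostClient`, `demo_identity` and `demo_reuse`, the loopback server, the throwaway certificate and the TLS 1.2 cap are assumptions made for the demonstration.

```ruby
require "openssl"
require "socket"
# Throwaway self-signed identity, constructed for this loopback demo only.
def demo_identity
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=127.0.0.1")
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [key, cert]
end

# Hypothetical one-server client: at most one session exists, so an ivar holds it.
class OneHostClient
  def initialize(port, trusted_cert)
    @port, @ctx = port, OpenSSL::SSL::SSLContext.new
    @ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
    @ctx.cert_store = OpenSSL::X509::Store.new.add_cert(trusted_cert)
    @ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION # demo assumption: session is final when connect returns
  end

  # Returns true when the handshake resumed the session stored by an earlier call.
  def connect_once
    ssl = OpenSSL::SSL::SSLSocket.new(TCPSocket.new("127.0.0.1", @port), @ctx)
    ssl.sync_close = true
    # Offer the stored session only while it is still within its own lifetime.
    fresh = @ssl_session && Time.now < @ssl_session.time + @ssl_session.timeout
    ssl.session = @ssl_session if fresh
    ssl.connect
    ssl.gets
    reused = ssl.session_reused?
    @ssl_session = ssl.session
    reused
  ensure
    ssl&.close # clean shutdown, so the session stays resumable
  end
end

def demo_reuse # constructed loopback server that answers two connections
  key, cert = demo_identity
  sctx = OpenSSL::SSL::SSLContext.new
  sctx.key, sctx.cert = key, cert
  server = OpenSSL::SSL::SSLServer.new(TCPServer.new("127.0.0.1", 0), sctx)
  Thread.new { 2.times { c = server.accept; c.puts "ok"; c.gets; c.close } }
  client = OneHostClient.new(server.to_io.addr[1], cert)
  [client.connect_once, client.connect_once]
end
```

A resumed handshake skips certificate verification of the peer, so a session belongs with the one server and context it was negotiated under and should not be shared across hosts.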