Topic: Client side session caching

According to the manual, the session to be (potentially) resumed should first be retrieved by calling CyaSSL_get_session(), which returns a pointer to a CYASSL_SESSION object. To resume, a call is made to CyaSSL_set_session(), passing the saved CYASSL_SESSION pointer, after which a standard CyaSSL_connect() call is issued.

I'm probably misunderstanding something, but I believe that session objects are eventually expired and deleted. Is it therefore possible for application code to call CyaSSL_set_session() with an invalid CYASSL_SESSION object pointer?

Another question - is it possible to change the session expiry time? I believe that this is currently fixed at 500 seconds?

Share

Re: Client side session caching

They eventually expire, but they aren't deleted. If you use an expired saved session, the connection will perform a new handshake.

The functions CyaSSL_CTX_set_timeout() and CyaSSL_set_timeout() will adjust the expiry time in seconds.