[erlang-questions] SSL server session cache table issues:

Kenneth Lakin <>
Wed Dec 7 23:41:23 CET 2016


On 12/07/2016 05:30 AM, Fred Hebert wrote:
> The option is cleverly named ... it prevents reuse of sessions, but not
> their creation.

Is it true that there's no way to change connection-specific SSL server
or client options without tearing down the connection and recreating it?
If it is, then shouldn't {reuse_sessions, false} prevent session caching
for that connection? Or might the assumption be that a session created
and cached with a {r_s, false} connection could be later reused with a
{r_s, true} connection?

> We further detected more scans happening due to a PEM cache, which we
> patched options to bypass it in https://github.com/erlang/otp/pull/1143
> -- the OTP team merged it in for OTP 19.1

I was going to complain that bypass_pem_cache option was undocumented,
but I just found the ssl_app page that documents that option, as well as
all of the SSL app options that I _thought_ were undocumented. I now
feel quite a bit sheepish.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20161207/c0adce68/attachment.bin>


More information about the erlang-questions mailing list