You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Allegedly, if you use OpenSSL and close an SSL connection without sending or receiving a close-notify, then OpenSSL invalidates any negotiated session ticket. If true then this is annoying and bad. Future versions of Python might work around it, but possibly we should work around it first.
I believe this is easy: when we want to do an unclean shutdown, then tell our SSLObject to do a clean shutdown... and then throw away the bytes it gives us, instead of sending them. Gross hack, but it should work.
How do we test this? We already have a bunch of pyopenssl code for testing; maybe it gives some way to tell whether a session is successfully reused?
The text was updated successfully, but these errors were encountered:
Allegedly, if you use OpenSSL and close an SSL connection without sending or receiving a close-notify, then OpenSSL invalidates any negotiated session ticket. If true then this is annoying and bad. Future versions of Python might work around it, but possibly we should work around it first.
I believe this is easy: when we want to do an unclean shutdown, then tell our SSLObject to do a clean shutdown... and then throw away the bytes it gives us, instead of sending them. Gross hack, but it should work.
How do we test this? We already have a bunch of pyopenssl code for testing; maybe it gives some way to tell whether a session is successfully reused?
The text was updated successfully, but these errors were encountered: