=head1 NOTES
The ssl session contains all information required to re-establish the
-connection without a full handshake for SSL versions <= TLSv1.2. In TLSv1.3 the
-same is true, but sessions are established after the main handshake has occurred.
-The server will send the session information to the client at a time of its
-choosing which may be some while after the initial connection is established (or
-not at all). Calling these functions on the client side in TLSv1.3 before the
-session has been established will still return an SSL_SESSION object but it
-cannot be used for resuming the session. See L<SSL_SESSION_is_resumable(3)> for
-information on how to determine whether an SSL_SESSION object can be used for
-resumption or not.
-
-Additionally, in TLSv1.3, a server can send multiple session messages for a
-single connection. In that case the above functions will only return information
-on the last session that was received.
+connection without a full handshake for SSL versions up to and including
+TLSv1.2. In TLSv1.3 the same is true, but sessions are established after the
+main handshake has occurred. The server will send the session information to the
+client at a time of its choosing, which may be some while after the initial
+connection is established (or never). Calling these functions on the client side
+in TLSv1.3 before the session has been established will still return an
+SSL_SESSION object but that object cannot be used for resuming the session. See
+L<SSL_SESSION_is_resumable(3)> for information on how to determine whether an
+SSL_SESSION object can be used for resumption or not.
+
+Additionally, in TLSv1.3, a server can send multiple messages that establish a
+session for a single connection. In that case the above functions will only
+return information on the last session that was received.
The preferred way for applications to obtain a resumable SSL_SESSION object is
to use a new session callback as described in L<SSL_CTX_sess_set_new_cb(3)>.
enables applications to obtain information about all sessions sent by the
server.
+A session will be automatically removed from the session cache and marked as
+non-resumable if the connection is not closed down cleanly, e.g. if a fatal
+error occurs on the connection or L<SSL_shutdown(3)> is not called prior to
+L<SSL_free(3)>.
+
In TLSv1.3 it is recommended that each SSL_SESSION object is only used for
resumption once.
=head1 COPYRIGHT
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
-Licensed under the OpenSSL license (the "License"). You may not use
+Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
projects / openssl.git / blobdiff