On Fri, Mar 9, 2012 at 7:18 PM, George Kadianakis [...]
What is the reason we don't like session resumption? Does it still make sense to keep it disabled even after #4436 is implemented?
The main reason not to support session resumption is that, as noted later in this thread, it can require the server to keep key material around after the original connection has closed.
Now, we could set an extra-short timeout interval here, I guess. With a short enough interval, that would be functionally equivalent to what I proposed, and probably easier to do with OpenSSL via SSL_CTX_set_timeout() and regular calls to SSL_CTX_flush_sessions().