By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
448,712 Members | 1,591 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 448,712 IT Pros & Developers. It's quick & easy.

How to resume an SSL-Session with SSLStream

P: n/a
Hi,

I have an SSLStream and i want to resume the SSL-Session for another
connection to this server. How can i do this? I havenīt found any clues
for it in SSLStream, perhaps Negotiatestream could provide me something
but i canīt find any examples for it.
Iīd appreciate any help or clues that would bring me any further.
Thanks in advance.
Azrael
Apr 22 '06 #1
Share this Question
Share on Google+
8 Replies


P: n/a
I cant remember the specifics of this, but SSL session reuse is enabled by
default in the framework for active or failed SSLStreams - but only if the
remote server supports it and the request for session reuse occurs within
the time boundaries set by the remote server.

On IIS I think you still have to set the servercachetime value for this to
work and it depends on the operating system hosting the webserver, but I
could be very wrong. You'd get a better answert in one of the IIS groups
(assuming your connecting to an IIS server). Perhaps a fish about for
servercachetime on one of the search engines would help you.

--
Regards

John Timney
Microsoft MVP

"Azrael" <Ro******@gmx.de> wrote in message
news:OL**************@TK2MSFTNGP05.phx.gbl...
Hi,

I have an SSLStream and i want to resume the SSL-Session for another
connection to this server. How can i do this? I havenīt found any clues
for it in SSLStream, perhaps Negotiatestream could provide me something
but i canīt find any examples for it.
Iīd appreciate any help or clues that would bring me any further.
Thanks in advance.
Azrael

Apr 22 '06 #2

P: n/a
John Timney ( MVP ) wrote:
I cant remember the specifics of this, but SSL session reuse is enabled by
default in the framework for active or failed SSLStreams - but only if the
remote server supports it and the request for session reuse occurs within
the time boundaries set by the remote server.

On IIS I think you still have to set the servercachetime value for this to
work and it depends on the operating system hosting the webserver, but I
could be very wrong. You'd get a better answert in one of the IIS groups
(assuming your connecting to an IIS server). Perhaps a fish about for
servercachetime on one of the search engines would help you.


I donīt reuse an ssl-session but i connect to an ftp-server and while
being connected to him i have to use the same ssl-session for the
data-connection. Tried now to use that cache by connecting to the same
server with a new instance of the SSLStream but no connection got
established. I will have to explicitly let him reuse the already
established SSLSession.
Apr 22 '06 #3

P: n/a
What I was trying to say is that the framework will always try and reuse an
ssl-session - if your ftp server doesn't support session caching then it
wont allow you to reuse the same session under any circumstances.

Pretty sure you cannot use the cache with a new instance of a stream as the
ssl protocol would see this as a session hijack attempt, and as I said you
could only use an established ssl-session if the remote server is set for
ssl-caching otherwise a new session will be established.

--
Regards

John Timney
Microsoft MVP

"Azrael" <Ro******@gmx.de> wrote in message
news:Oi**************@TK2MSFTNGP03.phx.gbl...
John Timney ( MVP ) wrote:
I cant remember the specifics of this, but SSL session reuse is enabled
by default in the framework for active or failed SSLStreams - but only if
the remote server supports it and the request for session reuse occurs
within the time boundaries set by the remote server.

On IIS I think you still have to set the servercachetime value for this
to work and it depends on the operating system hosting the webserver, but
I could be very wrong. You'd get a better answert in one of the IIS
groups (assuming your connecting to an IIS server). Perhaps a fish about
for servercachetime on one of the search engines would help you.


I donīt reuse an ssl-session but i connect to an ftp-server and while
being connected to him i have to use the same ssl-session for the
data-connection. Tried now to use that cache by connecting to the same
server with a new instance of the SSLStream but no connection got
established. I will have to explicitly let him reuse the already
established SSLSession.

Apr 23 '06 #4

P: n/a
John Timney ( MVP ) wrote:
What I was trying to say is that the framework will always try and reuse an
ssl-session - if your ftp server doesn't support session caching then it
wont allow you to reuse the same session under any circumstances.

Pretty sure you cannot use the cache with a new instance of a stream as the
ssl protocol would see this as a session hijack attempt, and as I said you
could only use an established ssl-session if the remote server is set for
ssl-caching otherwise a new session will be established.

The remote server is not only set for ssl-caching but he requests a
cached ssl-session for the data-connection. Otherwise the connection
doesnīt get established. This is defined in RFC4217 at 10.2.

This is the normal flow:
Connect to ftp server
Send "Auth tls"
set up initial SSL-Session for control-connection
Login
send "Prot p" <--- for requesting encrypted data-connnection
send "pasv"
list/request file or sth else that needs a data-connection
connect to the server and use the SSL-Session of the control-connection.
The server doesnīt accept anything else beside the control-ssl-session.

I donīt think i can rely onto the ssl-cache of my local framework but i
have to explicitly tell him to resume that the control-ssl-session.
Apr 23 '06 #5

P: n/a
Hi,

I was told real-names were desired in the newsgroups here, so i changed
my name now.

Greets
Roland Peters
Apr 23 '06 #6

P: n/a
Why dont you drop an email to someone in the.net remoting team. They will
be able to answer your question for you, if your lucky they just might be
able to tell you where its going wrong assuming you can get someone to
answer you.

http://blogs.msdn.com/dotnetremoting/

http://blogs.msdn.com/mahjayar/contact.aspx

--
Regards

John Timney
Microsoft MVP

"Roland Peters" <Ro******@gmx.de> wrote in message
news:%2******************@TK2MSFTNGP03.phx.gbl...
Hi,

I was told real-names were desired in the newsgroups here, so i changed my
name now.

Greets
Roland Peters

Apr 23 '06 #7

P: n/a
John Timney ( MVP ) wrote:
Why dont you drop an email to someone in the.net remoting team. They will
be able to answer your question for you, if your lucky they just might be
able to tell you where its going wrong assuming you can get someone to
answer you.

http://blogs.msdn.com/dotnetremoting/

http://blogs.msdn.com/mahjayar/contact.aspx

Thank you for the hint. I dropped an email each but till now i didnīt
get any reaction. What is the average time-spawn for an answer or donīt
they respond to every question?

Roland Peters
Apr 25 '06 #8

P: n/a
They MS employees tend to be very busy people,as Microsoft like to get their
moneys worth from them. I would not expect them answer everyone to be
honest but your question might intrigue one of them.

If you get no luck I would try and post your question in the forums at
www.asp.net or try the Managed newsgroups if you have an MSDN subsciption.
http://msdn.microsoft.com/subscripti...s/default.aspx

--
Regards

John Timney
Microsoft MVP
"Roland Peters" <Ro******@gmx.de> wrote in message
news:%2****************@TK2MSFTNGP05.phx.gbl...
John Timney ( MVP ) wrote:
Why dont you drop an email to someone in the.net remoting team. They
will be able to answer your question for you, if your lucky they just
might be able to tell you where its going wrong assuming you can get
someone to answer you.

http://blogs.msdn.com/dotnetremoting/

http://blogs.msdn.com/mahjayar/contact.aspx

Thank you for the hint. I dropped an email each but till now i didnīt get
any reaction. What is the average time-spawn for an answer or donīt they
respond to every question?

Roland Peters

Apr 26 '06 #9

This discussion thread is closed

Replies have been disabled for this discussion.