Is it possible to pass an SSL connection to another process?

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Is it possible to pass an SSL connection to another process?

Torsten Förtsch
Hi,

on UNIX one can pass a file descriptor to an unrelated process. Is it
possible to serialize/deserialize the current SSL state so that the
receiver can continue to handle the connection without the other side
noticing?

If yes, how?

Thanks,
Torsten
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Is it possible to pass an SSL connection to another process?

Salz, Rich
> Is it possible to serialize/deserialize the current SSL state so that the receiver can continue to handle the connection without the other side noticing?

Yes it's possible.  Two places to look are the "session ticket" code within OpenSSL, and the "serialize" function in Apache module modssl.  You'll have to rummage through the source.

        /r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]