sessiond 0.7

A cluster for SSL/TLS servers
sessiond allows a cluster of SSL/TLS servers to share their session caches, so that each node of the cluster does not have to negotiate a separate session with the same client. An SSL/TLS session is basically a set of secret values (symmetric encryption keys, MAC secrets) shared between a client and a server. The asymmetric cryptography required to establish new sessions is the main performance bottleneck of the SSL/TLS protocol.

sessiond takes the port number as a parameter. The default port is 54321.

The timeout is currently hardcoded to 200 ms. It seems to be a reasonable value to allow uninterrupted operation in case of a sessiond server failure or a lost packet.

There is no encryption of sessiond traffic, as the network infrastructure within a cluster is usually trusted.

Security requirements for the infrastructure:

* the sessiond port must not be accessible from untrusted networks
* network traffic between stunnel and sessiond must be accessible only to trusted personnel

last updated on: December 10th, 2009, 13:58 GMT
license type: GPL (GNU General Public License)
developed by: Michal Trojnara