HTTP是一种应用程序协议,可以关闭并重新打开底层TCP连接,而不会影响HTTP应用程序(性能除外)。 通过使用HTTP1.1,我们使用持久连接,但仍然是服务器或客户端可以随时关闭连接。 对于安全性HTTP通过SSL / TLS使用TCP。 我的理解是SSL的行为很像应用程序,至少这是TCP的视图SSL。 我的问题是,如果底层TCP套接字在安全连接建立后的某个时刻关闭,这是否意味着SSL会话变为无效并且各方应该从ssl握手开始? 或底层TCP连接与TLS会话无关?
HTTP is an application protocol and the underlying TCP connection could be closed and reopen without affecting the HTTP application (except performance). By using HTTP1.1 we use persistent connections but still a server or client could close the connection at any time. For security HTTP uses TCP via SSL/TLS. My understanding is that SSL acts much like an application, at least this is how TCP "views" SSL. My question is if the underlying TCP socket closes at a point after the secure connection has been established, does this mean that the SSL session becomes invalid and the parties should start over the ssl handshake? Or the underlying TCP connection is irrelevant to the TLS session?
谢谢!
推荐答案
这是否意味着SSL会话无效,各方应重新开始ssl握手?
does this mean that the SSL session becomes invalid and the parties should start over the ssl handshake?
是的,SSL / TLS会话结束,必须重新建立握手。 TLS包括恢复会话的机制(仍然会执行一些操作,但不会完全握手),但并非所有应用程序都支持它。
Yes, the SSL/TLS session is over and handshake must be re-established. TLS includes mechanisms for resuming the session (there still will be some operations performed, but less than in full handshake), but not all applications support it.
请参阅 ietf/rfc /rfc2246.txt ,F.1.4有关恢复的技术细节。
See ietf/rfc/rfc2246.txt, F.1.4 for technical details on resuming.
更多推荐
http持久连接和ssl会话
发布评论