9 Jan
2008
9 Jan
'08
4:54 a.m.
Josh Howlett wrote:
Ah, of course. FWIW, TTLSv0 has this to say about that:
[Implementation note: Toolkits that implement TLS often cache resumable TLS sessions automatically. Implementers must take care to override such automatic behavior, and prevent sessions from being cached for possible resumption until the user has been positively authenticated during phase 2.]
Yes. I'll have to check if the patch does that. Alan DeKok.