29,30c29,31
< server. It can only send exactly one id. The server then decides whether it
< agrees in reusing the session or starts the handshake for a new session.
---
> server. It can only send exactly one id. The server then either
> agrees to reuse the session or it starts a full handshake (to create a new
> session).
32,34c33,36
< A server will lookup up the session in its internal session storage. If
< the session is not found in internal storage or internal storage is
< deactivated, the server will try the external storage if available.
---
> A server will lookup up the session in its internal session storage. If the
> session is not found in internal storage or lookups for the internal storage
> have been deactivated (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP), the server will try
> the external storage if available.
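Review bot: the replacement text at new line 33 still reads "will lookup up the session", carried over unchanged from old line 32. Since the paragraph is being rewritten anyway, change it to "will look up the session".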
60,62c62,65
< session to be reused, the session is looked up in the internal session cache.
< If the session is found, the server will try to reuse the session.
< This is the default.
---
> session to be reused, the server looks for the corresponding session in (first)
> the internal session cache (unless SSL_SESS_CACHE_NO_INTERNAL_LOOKUP is set),
> then (second) in the external cache if available. If the session is found, the
> server will try to reuse the session. This is the default.
80,83c83,87
< By setting this flag sessions are cached in the internal storage but
< they are not looked up automatically. If an external session cache
< is enabled, sessions are looked up in the external cache. As automatic
< lookup only applies for SSL/TLS servers, the flag has no effect on
---
> By setting this flag, session-resume operations in an SSL/TLS server will not
> automatically look up sessions in the internal cache, even if sessions are
> automatically stored there. If external session caching callbacks are in use,
> this flag guarantees that all lookups are directed to the external cache.
> As automatic lookup only applies for SSL/TLS servers, the flag has no effect on
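Review bot: the new wording at lines 83-86 says sessions may still be "automatically stored there" while lookups skip the internal cache, but it does not point to SSL_SESS_CACHE_NO_INTERNAL_STORE, which this same patch adds to stop that storing. Add a sentence referring readers to that flag (or to SSL_SESS_CACHE_NO_INTERNAL) so that a server relying only on an external cache does not keep filling an internal cache it never reads.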
85a90,108
> =item SSL_SESS_CACHE_NO_INTERNAL_STORE
>
> Depending on the presence of SSL_SESS_CACHE_CLIENT and/or SSL_SESS_CACHE_SERVER,
> sessions negotiated in an SSL/TLS handshake may be cached for possible reuse.
> Normally a new session is added to the internal cache as well as any external
> session caching (callback) that is configured for the SSL_CTX. This flag will
> prevent sessions being stored in the internal cache (though the application can
> add them manually using L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>). Note:
> in any SSL/TLS servers where external caching is configured, any successful
> session lookups in the external cache (ie. for session-resume requests) would
> normally be copied into the local cache before processing continues - this flag
> prevents these additions to the internal cache as well.
>
> =item SSL_SESS_CACHE_NO_INTERNAL
>
> Enable both SSL_SESS_CACHE_NO_INTERNAL_LOOKUP and
> SSL_SESS_CACHE_NO_INTERNAL_STORE at the same time.
>
>
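Review bot: in the SSL_SESS_CACHE_NO_INTERNAL_STORE item the Note switches to "local cache" ("would normally be copied into the local cache") while every other sentence in the patch says "internal cache". Use "internal cache" there so readers do not assume a third store. Also write "i.e." instead of "ie.", and drop one of the two empty lines added at the end of this hunk.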
100a124
> L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>,
107a132,136
> =head1 HISTORY
>
> SSL_SESS_CACHE_NO_INTERNAL_STORE and SSL_SESS_CACHE_NO_INTERNAL
> were introduced in OpenSSL 0.9.6h.
>