On 03/11/2010 10:57 AM, Wan-Teh Chang wrote: > 2010/3/11 Robert Relyea <rrel...@redhat.com>: > >> The Microsoft thing is also non-standard. (and also not well documented >> -- which version of IE did it show up in?). >> > I found it documented at > http://msdn.microsoft.com/en-us/library/ms536979(VS.85).aspx > and that MSDN page says it showed up in IE6 SP1. > > >> You are right, we need a way >> to clear out the SSL cache. I know NSS provides a way to clear out the >> whole SSL cache. Ideally we should have a way to clear out just the >> 'current' SSL session without requiring new handshakes on connections >> with other servers. >> > NSS has a SSL_InvalidateSession function, but it takes an SSL FD > as the argument. I think we need a new function to invalidate a > session by name. This will allow us to invalidate an SSL session > when we no longer have an open SSL connection (represented by > an SSL FD) to the server. >
I would think that is sufficient. Javascript knows what socket the connection came in on. bob > Wan-Teh >
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
