Transparently converting a TLS session connection to facilitate session resumption

Assignee

• International Business Machines Corporation · US

Inventors

• Cheng-Ta Lee · Taipei, TW
• Wei-Hsiang Hsiung · Taipei, TW
• Wei-Shiau Suen · Taichung, TW
• Ming-Hsun Wu · Taichung, TW

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L67/562
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A network-based appliance includes a mechanism to provide TLS inspection with session resumption, but without requiring that a session cache be maintained. To this end, the inspector is configured to cause the TLS client to participate in maintaining the session context, in effect on behalf of the TLS inspector. In operation, when the inspector first receives a session ID from the TLS server, the inspector generates and issues to the client a session ticket that includes the original session ID and other session context information. In this manner, the inspector converts the Session ID-based connection to a Session Ticket-based connection. The session ticket is encrypted by the inspector to secure the session information. When the TLS client presents the session ticket to resume the TLS connection, the inspector decrypts the ticket and retrieves the session ID from it directly. The inspector then uses the original session ID to resume the TLS session.