Client side caching for TLS
Authors: D. Boneh, H. Shacham, and E. Rescorla
Abstract:
We propose two new mechanisms for caching handshake information on TLS
clients. The "fast-track" mechanism provides a client side cache of
a server's public parameters and negotiated parameters in the course
of an initial, enabling handshake. These parameters need not be resent
on subsequent handshakes. Fast-track reduces both network
traffic and the number of round trips, and requires no additional
server state. These savings are most useful in high latency
environments such as wireless networks. The "client side session cache"
mechanism allows the server to store an encrypted version of the
session information on a client, allowing a server to maintain a much
larger number of active sessions in a given memory footprint. Our
design is fully backwards compatible with TLS: extended clients can
interoperate with servers unaware of our extensions and vice versa. We
have implemented our proposal to demonstrate the resulting efficiency
improvements.
Reference:
ACM Trans. Info. and Sys. Security, 7(4):553-75, Nov. 2004
Extended abstract in NDSS 2002
Full paper: PDF [first posted 10/2002]