Client side caching for TLS

Authors: D. Boneh, H. Shacham, and Eric Rescrola

We propose two new mechanisms for caching handshake information on TLS clients. The ``fast-track'' mechanism provides a client side cache of a server's public parameters and negotiated parameters in the course of an initial, enabling handshake. These parameters need not be resent on subsequent handshakes. Fast-track reduces both network traffic and the number of round trips, and requires no additional server state. These savings are most useful in high latency environments such as wireless networks. The ``client side session cache'' mechanism allows the server to store an encrypted version of the session information on a client, allowing a server to maintain a much larger number of active sessions in a given memory footprint. Our design is fully backwards compatible with TLS: extended clients can interoperate with servers unaware of our extensions and vice versa. We have implemented our proposal to demonstrate the resulting efficiency improvements.

ACM Trans. Info. and Sys. Security, 7(4):553-75, Nov. 2004
Extended abstract in NDSS 2002

Full paper: PDF         [first posted 10/2002 ]