Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How long do FireFox, Chrome, Safari, and Opera cache SSL/TLS session keys?

To try to use a reason SSL/TLS session key timeout on the server-side, I'd like to know how long popular browsers cache session keys on the client.

Microsoft describes this information for Windows/IE here:

http://technet.microsoft.com/en-us/library/cc776467(WS.10).aspx

But, I haven't been able to find similar information for other popular browsers. Does anyone know? Thanks!

like image 218
dTRN Avatar asked Oct 14 '22 07:10

dTRN


2 Answers

According to a very reliable source, this is how it is meant to work in Opera:

Sessions are stored until one of the following conditions occur:

1) server refuses connection (I'm translating this and am not an expert so this may be a bad choice of words)

2) user deletes private data

3) Opera is closed

Hope this gave you some of the information you were looking for.

like image 168
hallvors Avatar answered Oct 18 '22 23:10

hallvors


Google Chrome will never store session information on the disk so most expiration occurs because the user ends the process.

Otherwise, the session store is large enough to be (effectively) infinite for most users.

We don't delete session information when flushing user data (I believe), but we will delete it if we see certain sorts of handshake failures when connecting to the server. That's part of our general fallback for buggy servers which, dealing with the messy web, one is forced to do.

like image 21
agl Avatar answered Oct 18 '22 23:10

agl