This repository has been archived by the owner on Apr 22, 2023. It is now read-only.

TLS resumption does not work on https server #3901

Closed
igrigorik opened this issue Aug 21, 2012 · 6 comments

@igrigorik

If you start a TLS server via tls.Server(...), session resume appears to work, which is also backed by this test:
https://github.com/joyent/node/blob/master/test/simple/test-tls-client-resume.js#L65

However, resume is not supported when running via https.createServer(...). As far as I can see, there are no extra options that can or should be enabled to make this work when using the https API. Is this intentional behavior, and if so why?

I'm testing via Qualys SSL Labs online scanner. Example node.js server (latest stable): https://www.ssllabs.com/ssltest/analyze.html?d=www.spdy.io

Running a plain tls.Server on same host via online scanner passes the resume tests.


Good article by one of the devs at Opera on the subject: http://my.opera.com/yngve/blog/2011/06/23/popular-but-sluggish-secure-server-popularity-might-not-be-the-reason

> In other words, according to my estimates, if you disable session resume for a heavily trafficked, secure site it is very likely that you must install 5-50 times (or more, depending on site profile) the number of servers you would have needed if you had used session resume...

@indutny
Member

indutny commented Aug 22, 2012

Btw, there is #3661 <- async tls session storage which should obviously fix this issue too. Can you build node with that patch and run your test suite again?

@igrigorik
Author

Silly question (admittedly, I haven't dug into the code yet), but how does the tls.Server work atm then? The patch looks great, but I presume the tls implementation just keeps the data in process?

@bnoordhuis
Member

Right now, OpenSSL's built-in session cache is used, which is a somewhat limited in-memory store.

@igrigorik
Author

@bnoordhuis ah, makes sense. Why would it be disabled on https. vs tls. created server?

@mreinstein

> Why would it be disabled on https. vs tls. created server?

I'm really curious about this too.

bnoordhuis added a commit that referenced this issue Jun 15, 2013
Check that TLS session resumptions work with HTTPS servers.

Regression test for #3901.

@bnoordhuis
Member

Session resume works with servers created with https.createServer(...). I've landed a regression test in 10133aa.
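
Added example, not part of the thread and not the regression test from 10133aa: a minimal Node.js check that a server created with https.createServer(...) resumes a TLS session on a second connection. It assumes the openssl CLI is on PATH to issue a throwaway self-signed certificate; the function names are hypothetical, and the client is pinned to TLS 1.2 because getSession() is only valid up to that version.

```javascript
const { execFileSync } = require('child_process');
const fs = require('fs');
const os = require('os');
const path = require('path');
const https = require('https');
const tls = require('tls');

// Assumption: the openssl CLI is available; it issues a one-day test certificate.
function makeTestCert() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'tls-resume-'));
  const keyPath = path.join(dir, 'key.pem');
  const certPath = path.join(dir, 'cert.pem');
  execFileSync('openssl', ['req', '-x509', '-newkey', 'rsa:2048', '-nodes',
    '-keyout', keyPath, '-out', certPath, '-subj', '/CN=localhost', '-days', '1'],
  { stdio: 'ignore' });
  const pair = { key: fs.readFileSync(keyPath), cert: fs.readFileSync(certPath) };
  fs.rmSync(dir, { recursive: true, force: true });
  return pair;
}

// One handshake: reports whether it was resumed and returns the session to offer next.
function handshake(port, ca, session) {
  return new Promise((resolve, reject) => {
    const socket = tls.connect({
      host: '127.0.0.1', port, servername: 'localhost',
      ca,                    // trust only the test certificate; verification stays on
      maxVersion: 'TLSv1.2', // getSession() is not valid for TLS 1.3
      session,               // undefined on the first connection
    }, () => {
      const result = { reused: socket.isSessionReused(), session: socket.getSession() };
      socket.end();
      resolve(result);
    });
    socket.on('error', reject);
  });
}

// Full handshake first, then a second connection that offers the saved session.
async function checkHttpsResumption() {
  const { key, cert } = makeTestCert();
  const server = https.createServer({ key, cert }, (req, res) => res.end('ok'));
  await new Promise((resolve) => server.listen(0, '127.0.0.1', resolve));
  try {
    const first = await handshake(server.address().port, cert);
    const second = await handshake(server.address().port, cert, first.session);
    return { first: first.reused, second: second.reused };
  } finally {
    server.close();
  }
}
```

Calling checkHttpsResumption() resolves to an object whose `first` field is false (full handshake) and whose `second` field is true when the server resumed the session.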
