Qt enables SSL session sharing by default in next update

by Retired on 04-03-2013 09:54 AM

The next software update for BlackBerry® 10 will, among other things, bring an updated version of Qt®. One feature of the new Qt version is that SSL session sharing (session identifiers as described in RFC 5246) is enabled by default. This saves a network round trip for SSL handshakes that can reuse an SSL session from a previously completed handshake, provided the server supports this feature.
All applications that make HTTP calls over SSL to a server that supports shared sessions will receive this performance benefit; since many Web services offer their API over SSL (e.g. Facebook® and Twitter®), this change hopefully speeds up many apps.
Unfortunately, there are a very small number of servers out there that claim to support SSL session sharing but turn out not to; in such a case, you can disable the feature explicitly with code similar to the following:

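#include <QNetworkRequest>
#include <QSslConfiguration>
QNetworkRequest request(url);
QSslConfiguration config = request.sslConfiguration();
config.setSslOption(QSsl::SslOptionDisableSessionTickets, true);
// sslConfiguration() returns a copy, so apply the modified configuration to the request
request.setSslConfiguration(config);
// then send the request as usual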

You can find out whether the server you are connecting to advertises session sharing correctly using, for example, the openssl command-line tool (just replace the server name in the commands below):

openssl s_client -connect www.qt-project.org:443 -sess_out session-qt
openssl s_client -connect www.qt-project.org:443 -sess_in session-qt
# works and resumes sessions
openssl s_client -connect www.blackberry.com:443 -sess_out session-bb
openssl s_client -connect www.blackberry.com:443 -sess_in session-bb
# works and does not resume sessions

If the second call to your server (the one with the "-sess_in" parameter) still works, the server is working correctly and there is nothing you need to do. If not, you probably want to turn off session sharing in your app with the code snippet presented earlier.
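
The check above can be scripted. The following is an added example, not code from the original post: it runs the same two openssl s_client calls and reads the "New, ..." / "Reused, ..." line that s_client prints to tell the three outcomes apart. The function names, the use of -tls1_2 (the post refers to RFC 5246) and the </dev/null redirect are assumptions made here, and the sample outputs are constructed.

```shell
#!/bin/sh
# Classify `openssl s_client` output read from stdin: resumed | full | failed
classify_handshake() {
    awk '
        /Cipher is \(NONE\)/ { none = 1 }    # printed when the handshake did not complete
        /^Reused, /          { reused = 1 }  # session from -sess_in was accepted
        /^New, /             { fresh = 1 }   # server negotiated a new session
        END {
            if (none || !(reused || fresh)) print "failed"
            else if (reused)                print "resumed"
            else                            print "full"
        }'
}

# Map the outcome of the second (-sess_in) handshake to the advice in the post.
advise() {
    case "$1" in
        resumed) echo "ok: session resumed, nothing to do" ;;
        full)    echo "ok: full handshake instead of resumption, nothing to do" ;;
        *)       echo "broken: consider disabling session sharing in the app" ;;
    esac
}

# Run both handshakes against host $1 on port 443.
check_server() {
    sess=$(mktemp) || return 2
    # </dev/null makes s_client exit after the handshake instead of waiting for input.
    if ! openssl s_client -connect "$1:443" -tls1_2 -sess_out "$sess" </dev/null >/dev/null 2>&1; then
        rm -f "$sess"; echo "unreachable: first handshake failed"; return 2
    fi
    result=$(openssl s_client -connect "$1:443" -tls1_2 -sess_in "$sess" </dev/null 2>&1 | classify_handshake)
    rm -f "$sess"
    advise "$result"
}

# Constructed s_client output excerpts (not captured from real servers).
SAMPLE_RESUMED='CONNECTED(00000003)
---
Reused, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256'
SAMPLE_FULL='CONNECTED(00000003)
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256'
SAMPLE_FAILED='CONNECTED(00000003)
---
New, (NONE), Cipher is (NONE)'

# Usage: sh check-resumption.sh your.server.example
if [ -n "${1:-}" ]; then check_server "$1"; fi
```

Only the "broken" result calls for the QSsl option shown earlier; a server that answers with a full handshake is behaving correctly.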