Can WWW::Mechanize resume a previous SSL session?

Question

The SSL handshake between my script and a server is very slow. To make repeated connections faster, I would like WWW::Mechanize to reuse/resume the previous SSL session. Is this possible?

Here's an exmample using the openssl command to resume a session. I'd like WWW::Mechanize to do something like this.

This command saves the SSL session parameters to my_session.pem. This SSL handshake is slow.

openssl s_client -connect my.server:443 -sess_out my_session.pem

This command uses my_session.pem to resume the previous session. This SSL handshake is fast.

openssl s_client -connect my.server:443 -sess_in my_session.pem

Answer 1

WWW::Mechanize is based on LWP::UserAgent which itself using in its current version (since version 6) IO::Socket::SSL as the default backend. IO::Socket::SSL supports explicit session caching on the client side with the SSL_session_cache_size parameter, but by default no session caching is done.

You should be able to enable it with something like this:

 my $ua = WWW::Mechanize->new;
 $ua->ssl_opts( SSL_session_cache_size => 200 );

Please note that this only creates an in-memory cache. Having a permanent cache which you can use between runs of the program is currently not built-in, you would need to create something like this by your own and specify it with the SSL_session_cache parameter. In your implementation you would need to take care of serializing the SSL_SESSION objects before storing them to disk, because they currently are just pointers to an in-memory location which is specific to the current process.