5

I know that most browsers nowadays support around 6 concurrent TCP sessions per hostname, to perform multiple requests at the same time.

For sites which utilise SSL, is there a separate handshake performed for each TCP session, or is a single SSL handshake performed, with the resulting symmetric key being reused for each concurrent TCP session?

fruglemonkey
  • 153
  • 4
  • This isn't a security question, it's a protocol question. You should be asking over in StackOverflow. – Steve Sether Jan 06 '15 at 02:17
  • @SteveSether While that may be true, I'm inclined to believe that people who have questions about SSL that aren't code-related will come here. In fact, this question would probably be closed on SO. SuperUser might be the better place? It's a gray-area question... – Chris Cirefice Jan 08 '15 at 00:27
  • SO is really limited then if they'd reject that question. It really needs to be broken out into multiple groups. There really needs to be a web development group specifically for the web. – Steve Sether Jan 08 '15 at 02:24

1 Answers1

5

Each new connection does a separate TCP handshake and a separate TLS handshake. But if there is an existing SSL session they will try to reuse it, so all but the first connection to a server only do an abbreviated handshake if the server supports session reuse. In case of session reuse no key exchange is performed, that is the same symmetric key is re-used. See also How does SSL/TLS work?.

Steffen Ullrich
  • 190,458
  • 29
  • 381
  • 434