| If you're using OpenSSL, you can disable RFC 5077 Session Tickets via SSL_OP_NO_TICKET: https://wiki.openssl.org/index.php/SSL/TLS_Client#Session_Ti... Figuring out how to access that option from your library/language is an exercise for the reader. Looking into this for Python. Python 3 supports sessions and the tickets may be disabled: https://docs.python.org/3/library/ssl.html#ssl.SSLSession https://docs.python.org/3/library/ssl.html#ssl.OP_NO_TICKET For Python 2, I see no way to get at the session object (at least on the client side), much less disable session tickets: https://docs.python.org/2/library/ssl.html Under Python 2, pyOpenSSL has better support. You can make use of it on Python2 (and 3) via requests by installing `requests[security]` instead of just `requests`. Using `[security]` causes requests to pull in pyOpenSSL, cryptography and idna packages. Under the covers, requests is using urllib3 and it ends up makes this call if pyOpenSSL is installed: urllib3.contrib.pyopenssl.inject_into_urllib3()
http://urllib3.readthedocs.io/en/latest/reference/urllib3.co...That's as far as I've gotten. There's no documentation so it's going to require reading the urllib3 source to figure out what's going on under the hood. Edit: nope, urllib3 doesn't support SSL session re-use. There's an open PR: https://github.com/shazow/urllib3/issues/590 |