stephen-soltesz
commented
8 years ago LGTM.
There is a tension between the short-term pragmatic and long-term collective action of enforcing well behaved clients.
After in person discussion, this is the rationale that balances this tension for me:
If this change does not reduce the error rate for client connections, then it does not address the problem for which it was added and we will back it out.
If this change does reduce the error rate for client connections, then this means that the NDT TLS implementation allows no worse clients than the TLS implementation of the site or page serving the NDT landing page. And, it is unreasonable (at this time) to have a higher standard than the site hosting the landing page.
Makes the server's SSL setup as cross-compatible as OpenSSL can possibly be.
Eliminates session caching, as a proper implementation of session caching requires IPC when you have a server that forks, and we avoid unnecessary IPC in pursuit of simplicity.
This change is