Yuchen Dai
> Dumb question: why aren't session keys stored per socket? why are they shared between multiple SSL sockets? SSL socket stands for a TLS connection. Without reusing the stored `SSL_SESSION`,...
The most recent session reuse efforts were done by @PiotrSikora in https://github.com/envoyproxy/envoy/blame/main/source/common/tls/context_impl.cc#L774. Let me quickly add a PR to explain my proposed interface change.
I prefer TransportSocketOptions because we can populate tag value out of TLS transport socket for example, hash proxy protocol values in the tag (or not). the tls socket config should...
@kyessenov Do you think https://github.com/envoyproxy/envoy/pull/33517 is a good start? I have some early code proving that there is no memory access issue and much better session use.
@ggreenway Thank you for the pointer and review! I added my comment to the interface-ish PR. Please let me know if my comments make sense.
> There probably needs to be a way to delete sessions when the associated Host is removed (by EDS update, etc). Tracking the life of host is hard. If we...
I am not against the idea of adding a per-host session cache solution. However, I wish we could have a shared-by-cluster solution first. WDYT?
> Why would you want to keep the tls session if a host is garbage collected by OriginalDst? It seems best to discard it when that happens. > > Some...
Regarding single use, I read that TLS 1.3 session is only single use, but in my experiment I see session reuse is always reused. It can be easily reproduced by...