Simon Bernard

> I also tried with java 15, which has also the new EC implementation and it fails with that. I guess this confirms the idea : https://bugs.openjdk.org/browse/JDK-8183666

It was obvious to me that when a session expired, correlated connections expired too. So, I looked deeper on this and I didn't find clear resource about that but now...

I was understanding the same but after the @boaks' remarks I made some research and I concluded that this should probably not be interpreted in that way. (see all the...

> I'm not sure, why the "master secret" or "connection secret" should be easier to obtain from a device than the credentials. If these credentials would be protected by a...

> Just to say, I'm not against such a timeout, but FMPOV it's wrong to tell the people, that this will make a device more save. I get it, but...

[here](http://ietf.10.n7.nabble.com/ticket-lifetimes-td583656.html) a discussion about session ticket lifetime in TLS 1.3

I would like to re-talk/re-work about this feature. I read this discussion again and I'm still not sure about the direction we should go... (not for 2.0.0-M15 :)) It seems...

Does it means you think that 4 is the better option ? I feel this is the more flexible way but maybe not so easy to use or implement than...

Should we close this issue ? Or should we wait that : > To include the session cache requires to extend that cache as well. (from : #1007)

I try to resume : Regarding RFCs and discussion above, we have 2 main concepts : connection and session. Each one could have a lifetime. With current implementation : **1....