My ActiveX component uses WinInet.dll and uses an SSL certificate authority to establish an SSL connection with the server.
It always does a full SSL handshake with the server if it is not hosted in the IE process. And I can't find any way to reuse the SessionID header in the Client Hello to make an abbreviated SSL handshake.
Otherwise, if my ActiveX is hosted in the IE process, then reuse of the SessionID header works automatically.
It looks like IE applies additional settings to my connection. Does anybody know these additional settings? Can anybody suggest some tips on how I can fight this issue?
P.S. It is a Delphi project, so I can't use WCF and can't move to OpenSSL either.
I think I should give some clarification here:
My ActiveX uses WinInet.dll in both cases (in the IE process context and in the non-IE process context) for sure.
WinInet.dll does the SSL/TLS handshake itself. I have no access to the SessionID header at the WinInet level, but IE has.
IE knows how to set up WinInet to use the previous SessionID if my ActiveX is hosted inside the IE process. WinInet does an abbreviated SSL/TLS handshake.
If I use WinInet.dll inside a non-IE process, then WinInet doesn't use the SessionID for the Client Hello. WinInet does a full SSL/TLS handshake.
So we have two scenarios for the SSL/TLS handshake here: full for a non-IE process and abbreviated for the IE process. See more about these scenarios in the MSDN blog http://blogs.msdn.com/b/huizhu/archive/2009/12/17/ssl-_2f00_tls-full-handshake-vs.-abbreviated-handshake.aspx
Hope it is more clear now.
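
One way to confirm from a packet capture which of the two handshakes a given process performed, as an added example that is not part of the original post: the script reads the session ID field from a ClientHello and a ServerHello record and classifies the handshake. It assumes TLS 1.2 or earlier and that each hello fits in a single TLS record; the function names and the sample records are constructed for illustration.

```python
import struct

HANDSHAKE, CLIENT_HELLO, SERVER_HELLO = 0x16, 0x01, 0x02

def hello_session_id(record: bytes, expected_type: int) -> bytes:
    """Return the session_id field of a ClientHello/ServerHello TLS record."""
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    content_type, _version, rec_len = struct.unpack("!BHH", record[:5])
    if content_type != HANDSHAKE:
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if rec_len < 4 or len(body) < rec_len:
        raise ValueError("truncated handshake record")
    hs_len = int.from_bytes(body[1:4], "big")
    if body[0] != expected_type:
        raise ValueError("unexpected handshake message type")
    msg = body[4:4 + hs_len]
    # Fixed prefix: version (2) + random (32) + session_id length (1)
    if hs_len < 35 or len(msg) < hs_len:
        raise ValueError("truncated hello message")
    sid_len = msg[34]
    if sid_len > 32 or 35 + sid_len > len(msg):
        raise ValueError("invalid session_id length")
    return msg[35:35 + sid_len]

def handshake_kind(client_hello: bytes, server_hello: bytes) -> str:
    """Classify the handshake from the session IDs both sides sent."""
    offered = hello_session_id(client_hello, CLIENT_HELLO)
    chosen = hello_session_id(server_hello, SERVER_HELLO)
    if not offered:
        return "full: no session offered"       # empty SessionID in Client Hello
    if offered == chosen:
        return "abbreviated"                    # server echoed the offered ID
    return "full: session not accepted"         # server issued a new ID

def build_hello(hs_type: int, session_id: bytes) -> bytes:
    """Constructed sample: hello cut off after session_id, zeroed random."""
    msg = b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
    body = bytes([hs_type]) + len(msg).to_bytes(3, "big") + msg
    return struct.pack("!BHH", HANDSHAKE, 0x0303, len(body)) + body

if __name__ == "__main__":
    sid = bytes(range(32))  # constructed session ID
    print(handshake_kind(build_hello(CLIENT_HELLO, b""), build_hello(SERVER_HELLO, sid)))
    print(handshake_kind(build_hello(CLIENT_HELLO, sid), build_hello(SERVER_HELLO, sid)))
```
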