View Ticket
Ticket Hash: 9afaf41635dd222b8e8cfaa0f3b61f0e52abd707
Title: tls::socket, but with shared SSL_CTX
Status: Open
Type: Code Defect
Severity: Minor
Priority: Immediate
Subsystem: (none)
Resolution: Open
Last Modified: 2025-10-11 21:39:23
Created: 2025-10-07 13:21:44
Version Found In: 1.8.0
User Comments:
anonymous added on 2025-10-07 13:21:44:

When opening a server socket with tls::socket -server, every time a client connects, a new SSL_CTX structure is created for that connection. This means that, if certificates are provided with -certfile, -cafile and -keyfile, they are opened and read for every connection, as can be seen with strace. How do I avoid this?

  • Using -cert and -file instead requires a manual conversion of PEM files to DER (and there is no equivalent for -cafile).
  • -model cannot be supplied to tls::socket, but this would require a weird workaround to get a "model connection" anyway.

Optimally tls::socket -server would cache the first SSL_CTX and use it for subsequent connections.
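
The first workaround above (pre-converted DER data passed through -cert/-key) spelled out as a small Tcl server. This is an added example, not code from the ticket or from the tcltls project. It assumes the DER files were produced beforehand with openssl (the two commands in the comment are an assumption, not something the ticket states), that -cert and -key accept DER-encoded data as the reporter describes, and it uses placeholder file names and port. It only removes the per-connection file reads: as the ticket says, an SSL_CTX is still created for every accepted connection, and there is no -cafile equivalent, so client-certificate verification against a CA file is not covered.

```tcl
package require tls

# Assumption: the PEM files were converted to DER once, outside this script,
# for example with
#   openssl x509 -in server.pem -outform DER -out server.der
#   openssl pkey -in server-key.pem -outform DER -out server-key.der
# File names and the port are placeholders chosen for this example.
set certPath server.der
set keyPath  server-key.der
set port     8443

# Read a file as raw bytes (no encoding or newline translation).
proc readBinary {path} {
    set f [open $path rb]
    set data [read $f]
    close $f
    return $data
}

# Load the DER blobs once, at startup. Every accepted connection reuses these
# in-memory values via -cert/-key, so OpenSSL is no longer asked to open and
# parse files on disk per connection (which is what strace shows for
# -certfile/-keyfile). tcltls still builds a fresh SSL_CTX per connection.
set certDer [readBinary $certPath]
set keyDer  [readBinary $keyPath]

# Line-echo handler, non-blocking so a slow TLS handshake on one client does
# not stall the other connections.
proc onReadable {chan} {
    if {[catch {gets $chan line} n] || [eof $chan]} {
        close $chan
        return
    }
    if {$n < 0} {
        return   ;# no complete line yet (handshake or partial data), wait
    }
    puts $chan $line
}

# Accept callback: the channel handed over here is already TLS-wrapped by
# tls::socket -server; the handshake completes during the first I/O.
proc accept {chan addr clientPort} {
    fconfigure $chan -blocking 0 -buffering line -translation binary
    fileevent $chan readable [list onReadable $chan]
}

set server [tls::socket -server accept -cert $certDer -key $keyDer $port]
puts "listening on port $port"
vwait forever
```

Run it with `tclsh server.tcl` and connect with `openssl s_client -connect localhost:8443`; with the files loaded once at startup, an `strace -f -e trace=openat` on the tclsh process should no longer show the certificate and key paths being opened on each new connection.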


bohagan added on 2025-10-11 21:39:23:

I'm working on options to do this since it's also needed for session resumption. I don't have a time frame on when it would be available yet.