According to the manual, the session to be (potentially) resumed should first be retrieved by calling CyaSSL_get_session(), which returns a pointer to a CYASSL_SESSION object. To resume, a call is made to CyaSSL_set_session(), passing the saved CYASSL_SESSION pointer, after which a standard CyaSSL_connect() call is issued.

I'm probably misunderstanding something, but I believe that session objects are eventually expired and deleted. Is it therefore possible for application code to call CyaSSL_set_session() with an invalid CYASSL_SESSION object pointer?

Another question - is it possible to change the session expiry time? I believe that this is currently fixed at 500 seconds?