From looking at OpenSSL output, vaultenv doesn't currently seem to re-use TLS sessions. Doing this would be a performance improvement, especially on the server side. (Go TLS is quite slow golang/go#20058)

The underlying tls package has a concept of a SessionManager exactly for this:

https://hackage.haskell.org/package/tls-session-manager
https://hackage.haskell.org/package/tls-1.4.0/docs/Network-TLS.html#t:SessionManager

I opened an issue on the connection package because the docs were a bit confusing.

I think we should experiment with the tls-session-manager package to see if we can get it to work.

There has been no progress on vincenthz/hs-connection#32 for a long time. If we want this, perhaps we should look into binding libcurl instead.