I was wondering (based on the TLS RFC and its current implementation by the major vendors / platforms - i.e. Microsoft's IIS): how would an existing active SSL / TLS session behave / react if the server were to change the certificate that was used for initially negotiating that session to an entirely new certificate?
Would the server automatically close the existing sessions? (And specifically, how would IIS and Windows Server 2008R2/2012R2 handle this case - would the server side be able to start using the newly selected server certificate without affecting the already established SSL/TLS sessions?)
Or would the server be able to change its certificate without affecting (closing) the already existing encrypted sessions?
Would the client detect the change at a later stage during the session (i.e. if a session renegotiation were to be performed)?
Thank you in advance.