httpd-bugs mailing list archives

Subject DO NOT REPLY [Bug 52703] SSL+SNI+client-auth "lost" after some time
Date Sat, 03 Mar 2012 01:46:26 GMT

--- Comment #6 from Eric Covener <> 2012-03-03 01:46:26 UTC ---
I clicked through.  In the failing case the client tries to resume the session
and does not set a server_name extension in the handshake.  The resume seems to
succeed (the session ID itself is not in the parsed trace, but the exchange is
clearly very short).

Presumably openssl doesn't save/restore this info in the session, because it
comes in on a part of the handshake that isn't abbreviated (initial client

When the same client isn't trying to resume a session, it sends the server_name

It does not seem to directly explain why the clients do the right thing with
SSL session caching disabled, since all things being equal they should just
continue down the "fail" case but with a new session created.

So in short, Apache uses the extension when it's present in the handshake.

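An added example, not part of the bug comment above and not httpd or OpenSSL code: a minimal ClientHello parser that reports the two fields the comment compares, the offered session ID and the server_name extension, so a captured handshake can be labelled as the "resume without SNI" case. The function names and the host name `vhost.example` are assumptions, and the sample records are constructed rather than captured.

```python
import struct

def build_client_hello(session_id=b"", server_name=None):
    """Build a minimal ClientHello record (constructed sample, not a capture)."""
    ext = b""
    if server_name is not None:
        name = server_name.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name  # name_type 0 = host_name
        sni = struct.pack("!H", len(entry)) + entry            # server_name_list
        ext = struct.pack("!HH", 0, len(sni)) + sni            # extension type 0 = server_name
    body = b"\x03\x01" + bytes(32)                             # client_version, random
    body += bytes([len(session_id)]) + session_id
    body += b"\x00\x02\x00\x2f" + b"\x01\x00"                  # one cipher suite, null compression
    if ext:
        body += struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body         # handshake type 1 = client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs   # record type 22 = handshake

def parse_client_hello(record):
    """Return (session_id, server_name or None) from a single-record ClientHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    try:
        pos = 2 + 32                                           # skip version and random
        sid_len = body[pos]
        session_id = body[pos + 1:pos + 1 + sid_len]
        pos += 1 + sid_len
        pos += 2 + struct.unpack_from("!H", body, pos)[0]      # skip cipher_suites
        pos += 1 + body[pos]                                   # skip compression_methods
        server_name = None
        if pos + 2 <= len(body):                               # extensions block is optional
            end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
            pos += 2
            while pos + 4 <= min(end, len(body)):
                etype, elen = struct.unpack_from("!HH", body, pos)
                if etype == 0 and elen >= 5:                   # first entry of server_name_list
                    nlen = struct.unpack_from("!H", body, pos + 7)[0]
                    server_name = body[pos + 9:pos + 9 + nlen].decode("ascii")
                pos += 4 + elen
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello")
    return session_id, server_name

def classify(record):
    """Label a ClientHello by resumption offer and SNI presence."""
    session_id, server_name = parse_client_hello(record)
    kind = "resume" if session_id else "full"  # non-empty session_id = resumption offer (TLS <= 1.2)
    return f"{kind}-{'sni' if server_name else 'no-sni'}", server_name
```

A `resume-no-sni` result corresponds to the failing handshake described in the comment; `full-sni` corresponds to the same client when it is not trying to resume.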