httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 52703] SSL+SNI+client-auth "lost" after some time
Date Sat, 03 Mar 2012 01:46:26 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=52703

--- Comment #6 from Eric Covener <covener@gmail.com> 2012-03-03 01:46:26 UTC ---
I clicked through.  In the failing case the client tries to resume the session
and does not set a server_name extension in the handshake.  The resume seems to
succeed (the session ID itself is not in the parsed trace, but the exchange is
clearly very short).

Presumably openssl doesn't save/restore this info in the session, because it
comes in on a part of the handshake that isn't abbreviated (initial client
hello).

When the same client isn't trying to resume a session, it sends the server_name
extension.

It does not seem to directly explain why the clients do the right thing with
SSL session caching disabled, since all things being equal they should just
continue down the "fail" case but with a new session created.

So in short, Apache uses the extension when it's present in the handshake.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
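
Added example (not part of the original comment, and not httpd or OpenSSL code): a minimal Python parser that reports, for a ClientHello handshake message, whether it carries a session ID and whether it carries a server_name extension, the two properties the comment compares. The function names, the constructed sample messages and the hostname `a.example.test` are assumptions; a non-empty session ID is treated as a resumption attempt, which holds for TLS 1.2 and earlier.

```python
import struct

def build_client_hello(session_id=b"", server_name=None):
    """Build a minimal ClientHello handshake message (constructed test input)."""
    exts = b""
    if server_name is not None:
        name = server_name.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name  # host_name entry
        sni = struct.pack("!H", len(entry)) + entry             # ServerNameList
        exts = struct.pack("!HH", 0, len(sni)) + sni            # extension type 0
    body = (b"\x03\x01" + bytes(32)                             # version, random
            + bytes([len(session_id)]) + session_id
            + b"\x00\x02\x00\x2f" + b"\x01\x00")                # one suite, null compression
    if exts:
        body += struct.pack("!H", len(exts)) + exts
    return b"\x01" + len(body).to_bytes(3, "big") + body

def parse_client_hello(hs):
    """Return (session_id, server_name or None) from a ClientHello handshake message."""
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello handshake message")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                    # skip client_version and random
    sid_len = body[pos]
    session_id = body[pos + 1:pos + 1 + sid_len]
    pos += 1 + sid_len
    pos += 2 + int.from_bytes(body[pos:pos + 2], "big")   # skip cipher_suites
    pos += 1 + body[pos]                                   # skip compression_methods
    server_name = None
    if pos + 2 <= len(body):                        # extensions block is optional
        end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            if etype == 0 and elen >= 5:            # server_name (RFC 6066)
                nlen = int.from_bytes(body[pos + 3:pos + 5], "big")
                server_name = body[pos + 5:pos + 5 + nlen].decode("ascii")
            pos += elen
    return session_id, server_name

def classify(hs):
    """Label a ClientHello by the two properties the comment compares."""
    session_id, server_name = parse_client_hello(hs)
    kind = "resume" if session_id else "full"       # assumption: non-empty ID = resume attempt
    return kind + ("+sni" if server_name else "-sni")

if __name__ == "__main__":
    for sid, host in [(b"", "a.example.test"), (b"\x11" * 32, None), (b"\x11" * 32, "a.example.test")]:
        print(classify(build_client_hello(sid, host)))
```

A ClientHello classified `resume-sni` matches the failing case in the comment: a resumption attempt whose handshake carries no server_name for the server to use.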

