https://bz.apache.org/bugzilla/show_bug.cgi?id=64124
Bug ID: 64124
Summary: TLS1.3 sessions not resumable after graceful restart
Product: Apache httpd-2
Version: 2.4.39
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_ssl
Assignee: bugs@httpd.apache.org
Reporter: dominik.stillhard@united-security-providers.ch
Target Milestone: ---
TLSv1.3 sessions are lost after a graceful restart, which isn't the case with
TLSv1.2.
Steps to reproduce:
- Configure a shared-memory session cache:
    SSLSessionCache shmcb:/path/to/datafile[(size)]
- Connect with openssl s_client with the -sess_out <file> parameter so that we
  get a session file.
- Gracefully restart Apache.
- Connect again with openssl s_client, this time with the -sess_in <file>
  parameter so we use that session from before.
- See the full handshake happening...
Now, to see the difference, just do the same steps but don't gracefully restart
Apache.
I have had a look in the sources at ssl_scache.c, and the killing and
the re-initialization of the cache, respectively, are skipped correctly:
At the top of ssl_scache_init:
    if (ap_is_graceful()) {
        return APR_SUCCESS;
    }
and also at the beginning of ssl_scache_kill:
    if (mc->sesscache && !ap_is_graceful()) {
        mc->sesscache->destroy(mc->sesscache_context, s);
    }
But still something must be wrong, because the graceful restart obviously
somehow destroys the session...
For more details, also see my question on Stack Overflow:
https://stackoverflow.com/questions/60080365/apaches-sslsessioncache-not-working-correctly-with-tlsv1-3-and-graceful-restart
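Added example, not part of the original report or of the httpd project: a shell script that automates the reproduction steps above and reports, per protocol version, whether the saved session was resumed or a full handshake took place. The host/port arguments, the `apachectl -k graceful` command and the function names are assumptions for illustration; the two sample lines are constructed.

```shell
#!/bin/sh
# Added example: automates the reproduction steps from this report.
# Host, port and the restart command are assumptions; adjust to the setup.

# Constructed samples of the s_client summary line (not captured output).
SAMPLE_FULL='New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384'
SAMPLE_RESUMED='Reused, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384'

# Read s_client output on stdin; print "resumed", "full" or "unknown".
# s_client reports the handshake type on a line starting "New, " or "Reused, ".
classify_handshake() {
    awk '
        /^Reused, / { r = "resumed" }
        /^New, /    { r = "full" }
        END { print (r == "" ? "unknown" : r) }
    '
}

# Connect once and save the session, then reconnect offering that session.
# $1 = host, $2 = port, $3 = protocol flag (-tls1_2 or -tls1_3),
# $4 = optional command to run between the two connections.
check_resumption() {
    sess=$(mktemp) || return 1
    # "sleep 1 |" keeps stdin open so a TLSv1.3 session ticket, which is
    # sent after the handshake, can arrive before s_client exits.
    sleep 1 | openssl s_client -connect "$1:$2" "$3" \
        -sess_out "$sess" >/dev/null 2>&1
    if [ -n "${4:-}" ]; then sh -c "$4"; fi
    sleep 1 | openssl s_client -connect "$1:$2" "$3" \
        -sess_in "$sess" 2>/dev/null | classify_handshake
    rm -f "$sess"
}

# Run the comparison only when a host is given: ./check.sh HOST [PORT]
if [ -n "${1:-}" ]; then
    restart='apachectl -k graceful; sleep 2'   # assumed restart command
    for proto in -tls1_2 -tls1_3; do
        echo "$proto, no restart:       $(check_resumption "$1" "${2:-443}" "$proto")"
        echo "$proto, graceful restart: $(check_resumption "$1" "${2:-443}" "$proto" "$restart")"
    done
fi
```

With the behaviour described in this report, the `-tls1_3` line after a graceful restart would read "full" while the other three read "resumed".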