httpd-bugs mailing list archives

From bugzi...@apache.org
Subject [Bug 64124] New: TLS1.3 sessions not resumable after graceful restart
Date Fri, 07 Feb 2020 10:10:18 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=64124

            Bug ID: 64124
           Summary: TLS1.3 sessions not resumable after graceful restart
           Product: Apache httpd-2
           Version: 2.4.39
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl
          Assignee: bugs@httpd.apache.org
          Reporter: dominik.stillhard@united-security-providers.ch
  Target Milestone: ---

TLSv1.3 sessions are lost after a graceful restart, which isn't the case with
TLSv1.2.

Steps to reproduce:
- Configure shared-memory session cache:
    SSLSessionCache shmcb:/path/to/datafile[(size)] 

- connect with openssl s_client with the -sess_out <file> parameter so that we
get a session file.

- gracefully restart apache

- connect again with openssl s_client, this time with the -sess_in <file>
parameter so we use that session from before.

- see the full-handshake happening...

Now, to see the difference, just do the same steps but don't gracefully restart
Apache.

I have had a look in the sources at ssl_scache.c, and the killing and,
respectively, the re-initialization of the cache are skipped correctly:

at the top of ssl_scache_init: 
    if (ap_is_graceful()) {
        return APR_SUCCESS;
    }

and also at the beginning of ssl_scache_kill:
    if (mc->sesscache && !ap_is_graceful()) {
        mc->sesscache->destroy(mc->sesscache_context, s);
    }


But still, something must be wrong, because the graceful restart obviously
somehow destroys the session...

For more details, also see my question on Stack Overflow:
https://stackoverflow.com/questions/60080365/apaches-sslsessioncache-not-working-correctly-with-tlsv1-3-and-graceful-restart

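The reproduction steps in the report above can be scripted as follows. This is an added example, not part of the bug report or of httpd; the HOST and PORT defaults, the `--run` switch, the one-second hold and the restart command passed on the command line are assumptions.

```shell
#!/bin/sh
# Added example: checks whether a saved TLS 1.3 session is still resumed
# after a restart command has been run between two s_client connections.

# Classify s_client output: prints "resumed", "full" or "unknown".
handshake_kind() {
    # s_client reports "Reused, TLSv1.3, Cipher is ..." on resumption
    # and "New, TLSv1.3, Cipher is ..." on a full handshake.
    if printf '%s\n' "$1" | grep -q '^Reused, '; then
        echo resumed
    elif printf '%s\n' "$1" | grep -q '^New, '; then
        echo full
    else
        echo unknown
    fi
}

# One connection; $1 is -sess_out or -sess_in, $2 is the session file.
connect() {
    # Assumption: hold the connection for a second so the TLS 1.3
    # session ticket, sent after the handshake, arrives before "Q" quits.
    (sleep 1; echo Q) | openssl s_client -connect "$HOST:$PORT" \
        -tls1_3 "$1" "$2" 2>/dev/null
}

# Save a session, run the optional restart command, try to resume.
run_check() {
    HOST=${HOST:-localhost}
    PORT=${PORT:-443}
    sess=$(mktemp) || return 2
    connect -sess_out "$sess" >/dev/null
    # Restart command is taken from the arguments; omit it for the
    # baseline run without a restart.
    [ $# -gt 0 ] && "$@"
    kind=$(handshake_kind "$(connect -sess_in "$sess")")
    rm -f "$sess"
    echo "second connection: $kind"
    [ "$kind" = resumed ]
}

# Only touch the network when explicitly asked to.
if [ "${1:-}" = "--run" ]; then
    shift
    run_check "$@"
fi
```

Saved under a name of your choice, `sh check.sh --run apachectl -k graceful` performs the restart case and `sh check.sh --run` the baseline without a restart; the exit status is 0 only when the second connection was resumed.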