From: bugzilla@apache.org
To: bugs@httpd.apache.org
Subject: [Bug 64124] New: TLS1.3 sessions not resumable after graceful restart
Date: Fri, 07 Feb 2020 10:10:18 +0000

https://bz.apache.org/bugzilla/show_bug.cgi?id=64124

            Bug ID: 64124
           Summary: TLS1.3 sessions not resumable after graceful restart
           Product: Apache httpd-2
           Version: 2.4.39
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl
          Assignee: bugs@httpd.apache.org
          Reporter: dominik.stillhard@united-security-providers.ch
  Target Milestone: ---

TLSv1.3 sessions are lost after a graceful restart, which isn't the case with
TLSv1.2.

Steps to reproduce:
- Configure shared-memory session cache:
  SSLSessionCache shmcb:/path/to/datafile[(size)]
- Connect with openssl s_client with the -sess_out parameter so that we get a
  session file.
- Gracefully restart Apache.
- Connect again with openssl s_client, this time with the -sess_in parameter
  so we use that session from before.
- See the full handshake happening...

Now, to see the difference, just do the same steps but don't gracefully
restart Apache.

I have had a look in the sources at ssl_scache.c, and the killing,
respectively the re-initialization, of the cache is skipped correctly:

At the top of ssl_scache_init:

    if (ap_is_graceful()) {
        return APR_SUCCESS;
    }

and also at the beginning of ssl_scache_kill:

    if (mc->sesscache && !ap_is_graceful()) {
        mc->sesscache->destroy(mc->sesscache_context, s);
    }

but still something must be wrong, because the graceful obviously somehow
destroys the session...

For more details, also see my question on Stack Overflow:
https://stackoverflow.com/questions/60080365/apaches-sslsessioncache-not-working-correctly-with-tlsv1-3-and-graceful-restart
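
The reproduction steps above can be scripted as follows. This is an added example, not part of the original report; the function names, the HEAD request, the two-second settle time and the sample output strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the bug report. Assumes OpenSSL 1.1.1+ s_client
# and apachectl on PATH; HOST:PORT is your own test server.

# Classify s_client output (stdin) by its handshake summary line, which starts
# "New, " for a full handshake and "Reused, " for a resumed session.
classify_handshake() {
    awk '!r && /^Reused, / { r = "reused" }
         !r && /^New, /    { r = "full" }
         END { print (r ? r : "unknown") }'
}

# probe HOST:PORT out|in FILE: one TLS 1.3 connection that saves (out) or
# offers (in) the session in FILE. The HEAD request plus -ign_eof keeps the
# connection open until the server closes it, so the TLS 1.3 NewSessionTicket,
# which is sent after the handshake, has time to arrive.
probe() {
    printf 'HEAD / HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n' "${1%:*}" |
        openssl s_client -connect "$1" -tls1_3 -ign_eof "-sess_$2" "$3" 2>/dev/null |
        classify_handshake
}

# The report's steps: save a session, restart gracefully, offer the session.
# Prints "reused" if resumption survived the restart, "full" if it did not.
resumption_after_graceful() {
    sess=$(mktemp) || return 1
    probe "$1" out "$sess" >/dev/null
    apachectl -k graceful && sleep 2   # assumed restart command and settle time
    probe "$1" in "$sess"
    rm -f "$sess"
}

# Constructed s_client excerpts (not captured from a real server).
SAMPLE_FULL='---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit'
SAMPLE_REUSED='---
Reused, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit'

# Usage: resumption_after_graceful www.example.test:443
```

For the control case from the report, call `probe HOST:PORT out FILE` followed by `probe HOST:PORT in FILE` without the restart in between and compare the two results.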