httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Soto <asot...@gmail.com>
Subject Re: [users@httpd] SSL Session Id lost?
Date Fri, 24 Jul 2015 10:53:42 GMT
Ok finally it was the combination of the flag you mention with other flags.
Now everything works, thank you so much.

Alex.

El dv., 24 jul. 2015 a les 9:51, Alex Soto (<asotobu@gmail.com>) va
escriure:

> Hi I have tried to put SSLSessionTickets off to httpd.conf and
> httpd-ssl.conf but the result is still the same.
>
> Regards,
> Alex.
>
> El dj., 23 jul. 2015 a les 23:03, Yann Ylavic (<ylavic.dev@gmail.com>) va
> escriure:
>
>> On Thu, Jul 23, 2015 at 3:50 PM, Alex Soto <asotobu@gmail.com> wrote:
>> >
>> > It seems that everything is configured correctly since sometimes works.
>> Have
>> > you ever found something similar or knows what it can be happening? Do
>> you
>> > think that maybe the problem is on client (browser) side?
>> >
>> > We say that there is something in Apache Httpd since I have modified
>> what
>> > was printed in access_log file to print the ssl session id as second
>> > parameter. And I get next:
>> >
>> > (LogFormat "%H %{SSL_SESSION_ID}e %h %l %u %t \"%r\" %>s %b")
>> >
>> > HTTP/1.1 - 172.17.42.1 - - [09/Jul/2015:09:15:06 +0000] "GET
>> /hello/hello
>> > HTTP/1.1" 200 89
>>
>> This is because the SSL_SESSION_ID is not always available on the TLS
>> side, when session tickets are used at first.
>>
>> It's up to the client to generate (or not) a session ID, which is only
>> available on the first session resumption.
>>
>> https://tools.ietf.org/html/rfc5077#section-3.4 for the details.
>>
>> You may configure "SSLSessionTickets off" to disable session tickets
>> management in TLS (using session IDs only).
>>
>> Regards,
>> Yann.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>

Mime
View raw message