tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 59811] New: TLS Session ID not available if session tickets are used
Date Wed, 06 Jul 2016 15:12:01 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=59811

            Bug ID: 59811
           Summary: TLS Session ID not available if session tickets are
                    used
           Product: Tomcat Native
           Version: 1.2.9
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Library
          Assignee: dev@tomcat.apache.org
          Reporter: markt@apache.org

First reported on StackOverflow:
http://stackoverflow.com/questions/38178536/tomcat-ssl-illegalstateexception-ssl-session-id-not-available

The current implementation of SSL.getSessionId() returns null if the session ID
length is zero. If session tickets are used, OpenSSL sets the length to zero.

The null session Id results in an ISE:

java.lang.IllegalStateException: SSL session ID not available
 at
org.apache.tomcat.util.net.openssl.OpenSSLEngine$OpenSSLSession.getId(OpenSSLEngine.java:1048)
 at
org.apache.tomcat.util.net.jsse.JSSESupport.getSessionId(JSSESupport.java:156)

etc.

We need to see if we can get the current session Id from tie ticket. If not,
the ISE needs to be removed.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message