Using NSS 3.35 on MacOSX to test session resumption (via session id).
If a client connect to a selfserv server with same options many times, the
server may not reuse the session.
I used a JSSE client to connect the selfserv server twice. In the second
connection, the client used the same SSL context that used in the first
connection, that means the client reused the session.
I repeated the above operation in a loop, and sometimes the session was not
reused in a single operation.
In single operation, the server side output likes the below:
--------------------
selfserv: SSL version 3.3 using 256-bit AES with 160-bit SHA1 MAC
selfserv: Server Auth: 256-bit ECDSA, Key Exchange: 256-bit ECDHE
Compression: NULL, Extended Master Secret: No
selfserv: subject DN: CN=server
selfserv: issuer DN: CN=root
selfserv: 0 cache hits; 2 cache misses, 0 cache not reusable
0 stateless resumes, 0 ticket parse failures
selfserv: HDX PR_Read hit EOF returned error 0:
Undefined error: 0
selfserv: SSL version 3.3 using 256-bit AES with 160-bit SHA1 MAC
selfserv: Server Auth: 256-bit ECDSA, Key Exchange: 256-bit ECDHE
Compression: NULL, Extended Master Secret: No
selfserv: subject DN: CN=server
selfserv: issuer DN: CN=root
selfserv: 0 cache hits; 2 cache misses, 0 cache not reusable
0 stateless resumes, 0 ticket parse failures
selfserv: HDX PR_Read hit EOF returned error 0:
Undefined error: 0
--------------------
In the second connection, no cache was hit.
In addition, I also used the same client to connect OpenSSL s_server, but
didn't meet this problem.
Thanks!
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
