Alexey Ivanov created TS-3092:
---------------------------------

             Summary: SSL_CTX_set_timeout should be set even if Server Side Session Cache is disabled
                 Key: TS-3092
                 URL: https://issues.apache.org/jira/browse/TS-3092
             Project: Traffic Server
          Issue Type: Bug
          Components: SSL
            Reporter: Alexey Ivanov


Currently {{SSL_CTX_set_timeout}} is called only if {{params->ssl_session_cache}} equals {{SSLConfigParams::SSL_SESSION_CACHE_MODE_SERVER}}, but inside OpenSSL's code that timeout is also used for the TLS ticket (RFC5077) lifetime hint:

ssl/s3_srvr.c:
{code}
int ssl3_send_newsession_ticket(SSL *s)
...skip...
                /* Ticket lifetime hint (advisory only):
                 * We leave this unspecified for resumed session (for simplicity),
                 * and guess that tickets for new sessions will live as long
                 * as their sessions. */
                l2n(s->hit ? 0 : s->session->timeout, p);
...skip...
{code}

so we should probably set it even if {{ssl_session_cache}} is disabled.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
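
Added example, not part of the original report and not Traffic Server or OpenSSL code: a self-contained C parser that reads the lifetime hint out of a NewSessionTicket handshake message (RFC 5077 layout: type 4, 24-bit length, 32-bit ticket_lifetime_hint, 16-bit ticket length, ticket), which is how one can confirm on the wire what a server advertises. The function names, the 600-second timeout and the ticket bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HS_NEW_SESSION_TICKET 4  /* RFC 5077 handshake type */

/* Build a NewSessionTicket handshake message into out (constructed sample
 * input). Mirrors the quoted logic: the hint is 0 on a resumed session (hit),
 * otherwise the session timeout. Returns bytes written, 0 if out is too small. */
size_t build_ticket_msg(uint8_t *out, size_t cap, int hit, uint32_t timeout,
                        const uint8_t *ticket, uint16_t tlen)
{
    size_t body = 4 + 2 + (size_t)tlen, i;
    uint32_t hint = hit ? 0 : timeout;
    if (cap < 4 + body) return 0;
    out[0] = HS_NEW_SESSION_TICKET;
    out[1] = (uint8_t)(body >> 16); out[2] = (uint8_t)(body >> 8); out[3] = (uint8_t)body;
    out[4] = (uint8_t)(hint >> 24); out[5] = (uint8_t)(hint >> 16);
    out[6] = (uint8_t)(hint >> 8);  out[7] = (uint8_t)hint;
    out[8] = (uint8_t)(tlen >> 8);  out[9] = (uint8_t)tlen;
    for (i = 0; i < tlen; i++) out[10 + i] = ticket[i];
    return 4 + body;
}

/* Parse a NewSessionTicket message; returns 0 and fills hint and ticket_len,
 * or -1 on a wrong type, truncation, or inconsistent length fields. */
int parse_ticket_msg(const uint8_t *m, size_t len, uint32_t *hint, size_t *ticket_len)
{
    size_t body, tlen;
    if (len < 10 || m[0] != HS_NEW_SESSION_TICKET) return -1;
    body = ((size_t)m[1] << 16) | ((size_t)m[2] << 8) | m[3];
    if (body != len - 4) return -1;
    tlen = ((size_t)m[8] << 8) | m[9];
    if (tlen != body - 6) return -1;
    *hint = ((uint32_t)m[4] << 24) | ((uint32_t)m[5] << 16) | ((uint32_t)m[6] << 8) | m[7];
    *ticket_len = tlen;
    return 0;
}

int main(void)
{
    const uint8_t ticket[8] = {0};   /* constructed opaque ticket bytes */
    uint8_t buf[64]; uint32_t hint; size_t tlen, n;
    n = build_ticket_msg(buf, sizeof buf, 0, 600, ticket, sizeof ticket);
    if (parse_ticket_msg(buf, n, &hint, &tlen) == 0)
        printf("new session: lifetime hint %u s, ticket %zu bytes\n", (unsigned)hint, tlen);
    return 0;
}
```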
