On Tue, Nov 20, 2001 at 06:09:04PM +0200, Arne Ansper wrote:
> we have a client program that uses external session database for session
> caching. we have found a bug in client side session caching. or actually a
> missing functionality.
>
> after decoding stored session using d2i function the cipher parameter of
> SSL_SESSION structure is zero. on server side the cipher field is filled
> from cipher_id in ssl_sess.c function ssl_get_prev_session (this function
> is used only in server side). in openssl 0.9.6b the relevant code looks
> like this:
>
> if (ret->cipher == NULL)
> {
> unsigned char buf[5],*p;
> unsigned long l;
>
> p=buf;
> l=ret->cipher_id;
> l2n(l,p);
> if ((ret->ssl_version>>8) == SSL3_VERSION_MAJOR)
> ret->cipher=ssl_get_cipher_by_char(s,&(buf[2]));
> else
> ret->cipher=ssl_get_cipher_by_char(s,&(buf[1]));
> if (ret->cipher == NULL)
> goto err;
> }
>
> but there is no function to do it on the client side.
The SSL client will receive the selected cipher from the server in the
server hello message (RFC2246, Section 7.4.1):
cipher_suite
The single cipher suite selected by the server from the list in
ClientHello.cipher_suites. For resumed sessions this field is the
value from the state of the session being resumed.
The OpenSSL client does set the cipher based on this returned value.
It is therefore not necessary to set the cipher in advance.
Do you have any problems due to this behaviour?
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
