On Wed, Apr 1, 2015 at 10:53 PM, Brian Smith <[email protected]> wrote:
> Emilia Käsper <[email protected]> wrote:
> > On Fri, Mar 27, 2015 at 10:40 PM, Brian Smith <[email protected]> wrote:
> >> If OpenSSL's client code were changed to always use an empty session
> >> ID when attempting resumption using a session ticket, then the
> >> EAP-FAST case wouldn't be different from the general session ticket
> >> resumption case. I think that this is a cleaner approach.
> >
> > 1) The way EAP-FAST diverges from 5246 and 5077 is indeed quite
> > unfortunate. The lookahead is messy, and hard to get right - I don't want
> > another "early CCS" due to lack of determinism in the state machine. Setting
> > the session ID is much cleaner. So, I'd rather put in a workaround that is
> > specific to EAP-FAST and doesn't affect regular handshakes.
>
> The added complexity of having a special case for EAP-FAST seems worse
> to me. After all, it's not OK to have EAP-FAST be non-secure, and so
> it is important to have the no-session-ID case be correct regardless.

This has now been fixed in commit 6e3d015363ed09c4eff5c02ad41153387ffdf5af
and cherry-picked to stable branches. I certainly hope it's correct! I've
done my best to make it so.

Cheers,
Emilia

> > 2) Removing the session ID upon resumption would be a big change in
> > behaviour that I don't think would qualify for a stable branch anyway unless
> > there was a security or regression issue behind it.
>
> Fair enough. I have no idea what compatibility problems might
> arise. If I have some time, I might try to change one of the web
> browsers to do this, to see what happens. If I do, I'll report back.
>
> Cheers,
> Brian
> _______________________________________________
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
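The two resumption paths the thread argues about, modelled as an added example (not OpenSSL code, and not the content of the commit Emilia mentions): with a non-empty client session ID, the RFC 5077 echo rule lets the client classify the handshake from the ServerHello alone, whereas the EAP-FAST empty-session-ID case forces the lookahead to the next handshake message. The message names, the assumption that an EAP-FAST server assigns its own session ID on resumption, and the ticket bytes are constructed for illustration.

```python
import os
from dataclasses import dataclass
from typing import Optional

@dataclass
class ClientHello:
    session_id: bytes
    ticket: Optional[bytes]

@dataclass
class ServerHello:
    session_id: bytes

def client_hello(ticket: bytes, eap_fast: bool) -> ClientHello:
    # RFC 5077 clients send a fresh random session ID with the ticket so the
    # server's echo signals acceptance; EAP-FAST clients send an empty one.
    return ClientHello(session_id=b"" if eap_fast else os.urandom(32), ticket=ticket)

def server_hello(ch: ClientHello, ticket_ok: bool):
    """Toy server: returns (ServerHello, type of the next handshake message).
    Assumption: an EAP-FAST server assigns its own session ID when resuming."""
    if ch.ticket is not None and ticket_ok:
        sid = ch.session_id if ch.session_id else os.urandom(32)
        return ServerHello(session_id=sid), "change_cipher_spec"
    return ServerHello(session_id=os.urandom(32)), "certificate"

def client_decides(ch: ClientHello, sh: ServerHello, next_msg: Optional[str] = None) -> str:
    # Non-empty client session ID: resumed iff the server echoed it (RFC 5077 3.4).
    if ch.session_id:
        return "resumed" if sh.session_id == ch.session_id else "full"
    # Empty client session ID: ServerHello alone is ambiguous; peek at what follows.
    if next_msg is None:
        raise ValueError("empty session ID: lookahead to the next message required")
    return "resumed" if next_msg == "change_cipher_spec" else "full"

def run(eap_fast: bool, ticket_ok: bool, lookahead: bool) -> str:
    ch = client_hello(b"constructed-ticket", eap_fast)
    sh, nxt = server_hello(ch, ticket_ok)
    return client_decides(ch, sh, nxt if lookahead else None)

def needs_lookahead(eap_fast: bool, ticket_ok: bool) -> bool:
    """True when the client cannot classify the handshake from the ServerHello alone."""
    try:
        run(eap_fast, ticket_ok, lookahead=False)
        return False
    except ValueError:
        return True
```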
