Hi,

Sorry for bothering for a second time on the same issue. I have a problem with
session resumption in OpenSSL TLS.

Initially, I set up a session between the TLS client and the TLS server. Then on
the client side I save the session, close the SSL connection, close the
TCP connection, establish a new TCP connection, create a new SSL object
and load the saved session. On the server side I enable context caching
of the ctx and the ssl object. What happens however is that during the
session resumption the client sends the session ID of the old session so
by now it is clear that the client behaves correctly. However, the
server refuses to resume the session because it sends a new session ID
and a complete handshake is started. Here is some of the code:

1) This is the client side after we have the 1st session established
(error handling code removed):

    sess = SSL_get1_session(tls_info->ssl);

    /* Proper closing of the session */

    if (tls_info->ssl) {
        err = SSL_shutdown(tls_info->ssl);
        if (!err){
            shutdown(t -> sock, 1);
            SSL_shutdown(tls_info->ssl);
        }
    }
    if (t->sock >= 0) {
        rc = close(t->sock);
        t->sock = -1;

        SSL_free(tls_info -> ssl);
    }

    t->sock = socket(PF_INET, SOCK_STREAM, 0);
    rc = connect(t->sock, (struct sockaddr *)addr,
                 sizeof(struct sockaddr));

    tls_info -> ssl = SSL_new(tls_info->ctx);
    tls_info -> sbio=BIO_new_socket(t->sock,BIO_NOCLOSE);
    SSL_set_bio(tls_info->ssl,tls_info->sbio,tls_info->sbio);
    rc = SSL_set_session(tls_info -> ssl, sess);
    err = SSL_connect(tls_info->ssl);

2) This is the server side part:

    static int s_server_session_id_context = 1;
    SSL_CTX_set_session_id_context(tls_info -> ctx,
                                   (void *)&s_server_session_id_context,
                                   sizeof(s_server_session_id_context));

    SSL_set_session_id_context(tls_info -> ssl,
                               (void *)&s_server_session_id_context,
                               sizeof(s_server_session_id_context));


So again, when I ran this the client properly sends the session id of
the old session, however the server responds with a new session ID and
thus a new session is negotiated. I tried with SSL_SESS_CACHE_BOTH,
SSL_SESS_CACHE_CLIENT and SSL_SESS_CACHE_SERVER for the session cache
but the result was the same. Does anybody have a clue what I am doing wrong?

Thanks,

Vladislav

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
