Hello David, thanks for your reply, and that's correct. That was it for gnutls-cli. After a confusing day, one of the original items triggered my Firefox browser, which I thought I reproduced with gnutls-cli. In the end it was a simple favicon issue, which kept connecting (no cache).
regards,

On Thu, 2011-08-25 at 23:00 -0700, David Schwartz wrote:
> On 8/25/2011 6:04 AM, Arjan Filius wrote:
> >
> > Hello,
> >
> > today I ran into a situation, where I notice firefox/chrome and
> > gnutls-cli use 3 tcp sessions to get a single ssl session, where openssl
> > s_client takes only one.
> >
> > one tcp session is what I expect, and I hope someone may have an
> > explanation.
> >
> > compared the gnutls-cli with openssl s_client as they would do no http
> > interpretation, and are easily reproduced by commandline:
> >
> > gnutls-cli --insecure -V -r www.xs4all.nl </dev/null
> > uses 3 tcp sessions to complete
> > openssl s_client -connect www.xs4all.nl:443 < /dev/null
> > uses 1 tcp session to complete
> >
> >
> > Any idea how that may come? Until now, I was under the impression a ssl
> > session setup should only use 1 tcp session (apart from ocsp/crl checks)
>
> Why are you passing '-r' to gnutls-cli? You are asking it to try to
> resume the session on a new TCP connection. (I count two connections.)
>
> DS