gnutls-devel

[sr #108146] gnutls client tls library not supporting session ticket ren


From: Daniel Black
Subject: [sr #108146] gnutls client tls library not supporting session ticket renewing and aborting
Date: Sun, 30 Sep 2012 06:08:35 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.10 Safari/537.11

URL:
  <http://savannah.gnu.org/support/?108146>

                 Summary: gnutls client tls library not supporting session ticket renewing and aborting
                 Project: GnuTLS
            Submitted by: danblack
            Submitted on: Sun 30 Sep 2012 06:08:35 AM GMT
                Category: Core library
                Priority: 5 - Normal
                Severity: 4 - Important
                  Status: None
                 Privacy: Public
             Assigned to: None
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
        Operating System: GNU/Linux

    _______________________________________________________

Details:

RFC5077 3.4 paragraph two allows for renewing session tickets. 

I've used the openssl SSL_CTX_set_tlsext_ticket_key_cb returning the value 2
to perform a renew of the session ticket in the following implementation in
nginx:
http://trac.nginx.org/nginx/ticket/120

I've set up a test site with 20 seconds expiry on session tickets and it
attempts to renew the session ticket after 10 seconds.

A thin client program using is here:
https://github.com/grooverdan/rfc5077

Running the following generates:

$ ./gnutls-client -r -r -r -d 15  nginxtest.openquery.com 443
[✔] Parse arguments.
[✔] Initialize GNU TLS library.
[✔] Solve nginxtest.openquery.com:443:
    │ Will connect to 173.230.149.19
[✔] Initialize TLS session.
[✔] Enable use of session tickets (RFC 5077).
[✔] Connect to nginxtest.openquery.com:443.
[✔] Start TLS renegotiation.
[✔] Check if session was reused:
    │ SSL session was not used
[✔] Get current session:
    │ Session context:
    │ Protocol : TLS1.2
    │ Cipher : AES-128-CBC
    │ Kx : RSA
    │ Compression : NULL
    │ PSK : (null)
    │ ID : D589B43480B198100389F2223D4FC3EA162E6402AD53D03A16509D6155D57FDD
[✔] Send HTTP GET.
[✔] Get HTTP answer:
    │ HTTP/1.1 200 OK
[✔] End TLS connection.
[✔] waiting 15 seconds.
[✔] Initialize TLS session.
[✔] Enable use of session tickets (RFC 5077).
[✔] Copy old session.
[✔] Connect to nginxtest.openquery.com:443.
[✘] Start TLS renegotiation:
    │ Unable to start TLS renegotiation:
    │ An unexpected TLS packet was received.

This was running with gnutls version 2.12.17.




    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/support/?108146>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
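
The server flight a client has to accept when a ticket is renewed during resumption (RFC 5077 sections 3.3 and 3.4), as an added example that is not part of the original report and is not GnuTLS, OpenSSL or nginx code. It is a simplified model of message ordering only; every name in it is hypothetical and the sample flights are constructed.

```c
/* Added example: client-side ordering check for an RFC 5077 abbreviated
 * handshake. A model only; all identifiers here are hypothetical. */
#include <stddef.h>
#include <stdio.h>

enum msg { SERVER_HELLO, NEW_SESSION_TICKET, CHANGE_CIPHER_SPEC, FINISHED };
enum result { RESUMED, RESUMED_TICKET_RENEWED, UNEXPECTED_PACKET };

/* Validate the server's flight after a ClientHello that offered a ticket.
 * ticket_ext:    ServerHello carried the empty SessionTicket extension.
 * allow_renewal: the client accepts a renewed ticket while resuming. */
enum result check_resumed_flight(const enum msg *flight, size_t n,
                                 int ticket_ext, int allow_renewal)
{
    size_t i = 0;
    int renewed = 0;

    if (i >= n || flight[i++] != SERVER_HELLO)
        return UNEXPECTED_PACKET;

    /* The optional NewSessionTicket sits between ServerHello and CCS. */
    if (i < n && flight[i] == NEW_SESSION_TICKET) {
        /* It is only legal when the server announced it via the extension. */
        if (!allow_renewal || !ticket_ext)
            return UNEXPECTED_PACKET;
        renewed = 1;
        i++;
    }

    if (i >= n || flight[i++] != CHANGE_CIPHER_SPEC)
        return UNEXPECTED_PACKET;
    if (i >= n || flight[i++] != FINISHED)
        return UNEXPECTED_PACKET;
    if (i != n)                       /* nothing may follow Finished here */
        return UNEXPECTED_PACKET;
    return renewed ? RESUMED_TICKET_RENEWED : RESUMED;
}

/* Constructed sample flights: plain resumption and resumption with renewal. */
static const enum msg plain_flight[]   = { SERVER_HELLO, CHANGE_CIPHER_SPEC, FINISHED };
static const enum msg renewed_flight[] = { SERVER_HELLO, NEW_SESSION_TICKET,
                                           CHANGE_CIPHER_SPEC, FINISHED };

int main(void)
{
    printf("renewal-aware client: %d\n", check_resumed_flight(renewed_flight, 4, 1, 1));
    printf("strict client:        %d\n", check_resumed_flight(renewed_flight, 4, 1, 0));
    return 0;
}
```

A client that returns `RESUMED_TICKET_RENEWED` should also replace its cached ticket with the new one before the old one expires.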



