From: Daniel Black
Subject: [sr #108146] gnutls client tls library not supporting session ticket renewing and aborting
Date: Sun, 30 Sep 2012 06:08:35 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.10 Safari/537.11

URL: <http://savannah.gnu.org/support/?108146>

Summary: gnutls client tls library not supporting session ticket renewing and aborting
Project: GnuTLS
Submitted by: danblack
Submitted on: Sun 30 Sep 2012 06:08:35 AM GMT
Category: Core library
Priority: 5 - Normal
Severity: 4 - Important
Status: None
Privacy: Public
Assigned to: None
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Operating System: GNU/Linux

_______________________________________________________

Details:

RFC5077 3.4 paragraph two allows for renewing session tickets.

I've used the openssl SSL_CTX_set_tlsext_ticket_key_cb returning the value 2 to perform a renew of the session ticket the following implementation in nginx.

http://trac.nginx.org/nginx/ticket/120

I've set up a test site with 20 seconds expiry on session tickets and it attempts to renew the session ticket after 10 seconds.

A thin client program using is here:

https://github.com/grooverdan/rfc5077

running the following generates:

$ ./gnutls-client -r -r -r -d 15 nginxtest.openquery.com 443
[✔] Parse arguments.
[✔] Initialize GNU TLS library.
[✔] Solve nginxtest.openquery.com:443:
│ Will connect to 173.230.149.19
[✔] Initialize TLS session.
[✔] Enable use of session tickets (RFC 5077).
[✔] Connect to nginxtest.openquery.com:443.
[✔] Start TLS renegotiation.
[✔] Check if session was reused:
│ SSL session was not used
[✔] Get current session:
│ Session context:
│ Protocol : TLS1.2
│ Cipher : AES-128-CBC
│ Kx : RSA
│ Compression : NULL
│ PSK : (null)
│ ID : D589B43480B198100389F2223D4FC3EA162E6402AD53D03A16509D6155D57FDD
[✔] Send HTTP GET.
[✔] Get HTTP answer:
│ HTTP/1.1 200 OK
[✔] End TLS connection.
[✔] waiting 15 seconds.
[✔] Initialize TLS session.
[✔] Enable use of session tickets (RFC 5077).
[✔] Copy old session.
[✔] Connect to nginxtest.openquery.com:443.
[✘] Start TLS renegotiation:
│ Unable to start TLS renegotiation:
│ An unexpected TLS packet was received.

This was running with gnutls version 2.12.17

_______________________________________________________

Reply to this item at:

<http://savannah.gnu.org/support/?108146>

_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
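
Added example, not part of the original report and not GnuTLS or nginx code: a minimal C sketch of the client-side check that ticket renewal requires, namely accepting an optional NewSessionTicket between ServerHello and ChangeCipherSpec on a resumed session (RFC 5077), plus a parser for the NewSessionTicket body. The function names, the `EV_CCS` pseudo-type and the sample flight are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Handshake message types from RFC 5246 / RFC 5077. */
enum { HS_SERVER_HELLO = 2, HS_NEW_SESSION_TICKET = 4, HS_FINISHED = 20 };
/* ChangeCipherSpec is its own record type, not a handshake message;
 * EV_CCS is a pseudo-type invented for this example. */
enum { EV_CCS = 0x100 };

/* NewSessionTicket body: uint32 ticket_lifetime_hint, opaque ticket<0..2^16-1>.
 * Returns 0 on success, -1 if the body is truncated or has trailing bytes. */
int parse_new_session_ticket(const uint8_t *b, size_t n,
                             uint32_t *lifetime, size_t *ticket_len)
{
    if (n < 6)
        return -1;
    *lifetime = ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
                ((uint32_t)b[2] << 8) | (uint32_t)b[3];
    *ticket_len = ((size_t)b[4] << 8) | (size_t)b[5];
    return (*ticket_len == n - 6) ? 0 : -1;
}

/* Validate the server's flight in an abbreviated (resumed) handshake.
 * Returns 1 if the server renewed the ticket, 0 if it resumed without
 * renewing, -1 if the sequence is unexpected. */
int check_resumed_flight(const int *ev, size_t n)
{
    size_t i = 0;
    int renewed = 0;

    if (i >= n || ev[i++] != HS_SERVER_HELLO)
        return -1;
    /* The renewal case: NewSessionTicket is optional at this point. */
    if (i < n && ev[i] == HS_NEW_SESSION_TICKET) {
        renewed = 1;
        i++;
    }
    if (i >= n || ev[i++] != EV_CCS)
        return -1;
    if (i >= n || ev[i++] != HS_FINISHED)
        return -1;
    return (i == n) ? renewed : -1;
}

int main(void)
{
    /* Constructed sample: resumed handshake in which the server renews the ticket. */
    const int flight[] = { HS_SERVER_HELLO, HS_NEW_SESSION_TICKET, EV_CCS, HS_FINISHED };
    printf("renewed=%d\n", check_resumed_flight(flight, 4));
    return 0;
}
```

A client state machine that omits the optional NewSessionTicket branch rejects the renewed flight as an unexpected message.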