On Thu, Jul 23, 2015 at 3:50 PM, Alex Soto <asotobu@xxxxxxxxx> wrote: > > It seems that everything is configured correctly since sometimes works. Have > you ever found something similar or knows what it can be happening? Do you > think that maybe the problem is on client (browser) side? > > We say that there is something in Apache Httpd since I have modified what > was printed in access_log file to print the ssl session id as second > parameter. And I get next: > > (LogFormat "%H %{SSL_SESSION_ID}e %h %l %u %t \"%r\" %>s %b") > > HTTP/1.1 - 172.17.42.1 - - [09/Jul/2015:09:15:06 +0000] "GET /hello/hello > HTTP/1.1" 200 89 This is because the SSL_SESSION_ID is not always available on the TLS side, when session tickets are used at first. It's up to the client to generate (or not) a session ID, which is only available on the first session resumption. https://tools.ietf.org/html/rfc5077#section-3.4 for the details. You may configure "SSLSessionTickets off" to disable session tickets management in TLS (using session IDs only). Regards, Yann. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx