Re: SSL Session Id lost?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi I have tried to put SSLSessionTickets off to httpd.conf and httpd-ssl.conf but the result is still the same.

Regards,
Alex.

El dj., 23 jul. 2015 a les 23:03, Yann Ylavic (<ylavic.dev@xxxxxxxxx>) va escriure:
On Thu, Jul 23, 2015 at 3:50 PM, Alex Soto <asotobu@xxxxxxxxx> wrote:
>
> It seems that everything is configured correctly since sometimes works. Have
> you ever found something similar or knows what it can be happening? Do you
> think that maybe the problem is on client (browser) side?
>
> We say that there is something in Apache Httpd since I have modified what
> was printed in access_log file to print the ssl session id as second
> parameter. And I get next:
>
> (LogFormat "%H %{SSL_SESSION_ID}e %h %l %u %t \"%r\" %>s %b")
>
> HTTP/1.1 - 172.17.42.1 - - [09/Jul/2015:09:15:06 +0000] "GET /hello/hello
> HTTP/1.1" 200 89

This is because the SSL_SESSION_ID is not always available on the TLS
side, when session tickets are used at first.

It's up to the client to generate (or not) a session ID, which is only
available on the first session resumption.

https://tools.ietf.org/html/rfc5077#section-3.4 for the details.

You may configure "SSLSessionTickets off" to disable session tickets
management in TLS (using session IDs only).

Regards,
Yann.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux