mod_ssl: SSL handshake is done on every request

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: <users@xxxxxxxxxxxxxxxx>
Subject: mod_ssl: SSL handshake is done on every request
From: Paul Jacques <devexplorer@xxxxxxxxxxx>
Date: Mon, 21 Dec 2009 11:35:10 +0100
Importance: Normal
Reply-to: users@xxxxxxxxxxxxxxxx

Dear,

I am running Apache 2.2.14.
I also applied the patch to enforce SSL renegotiation from server only.

Testing the proposed solution in SSL mutual authentication context, the full renegotiation is done once but I noticed that the handshake is done for every request.
The test web page is made of 30 request/responses and we can see from the LOG that 30 handshakes are done even though session is found in cache.

Below, extract of the LOG files:

' ssl_engine_kernel.c: Performing full renegotiation: complete handshake protocol
' ssl_engine_kernel.c: OpenSSL: Handshake: start
' ssl_engine_kernel.c: OpenSSL: Loop: SSL renegotiate ciphers
' ssl_engine_kernel.c: OpenSSL: Loop: SSLv3 write hello request A
' ssl_engine_kernel.c: OpenSSL: Loop: SSLv3 flush data
' ssl_engine_kernel.c: OpenSSL: Loop: SSLv3 write hello request C
...
' ssl_engine_kernel.c: Inter-Process Session Cache: request=SET status=OK id=D893868C1224CF057AFE1C604B7C7725E23E92F22CB6EE338997038F95533213 timeout=3600s (session caching)
' ssl_engine_kernel.c: OpenSSL: Handshake: done
...
' ssl_engine_kernel.c: OpenSSL: Handshake: start
' ssl_engine_kernel.c: OpenSSL: Loop: before/accept initialization
...
' ssl_engine_kernel.c: Inter-Process Session Cache: request=GET status=FOUND id=D893868C1224CF057AFE1C604B7C7725E23E92F22CB6EE338997038F95533213 (session reuse)
' ssl_engine_kernel.c: OpenSSL: Loop: SSLv3 read client hello A
' ssl_engine_kernel.c: OpenSSL: Loop: SSLv3 write server hello A
' ssl_engine_kernel.c: OpenSSL: Loop: SSLv3 write certificate A
' ssl_engine_kernel.c: OpenSSL: Loop: SSLv3 write server done A
...
' ssl_engine_kernel.c: OpenSSL: Handshake: start
' ssl_engine_kernel.c: OpenSSL: Loop: before/accept initialization
...
' ssl_engine_kernel.c: Inter-Process Session Cache: request=GET status=FOUND id=D893868C1224CF057AFE1C604B7C7725E23E92F22CB6EE338997038F95533213 (session reuse)
' ssl_engine_kernel.c: OpenSSL: Loop: SSLv3 read client hello A
' ssl_engine_kernel.c: OpenSSL: Loop: SSLv3 write server hello A
' ssl_engine_kernel.c: OpenSSL: Loop: SSLv3 write certificate A
' ssl_engine_kernel.c: OpenSSL: Loop: SSLv3 write server done A
...

- What is the reason of the handshake for every request?
- What is the purpose of the cache?
- Is the new handshake conveyed under the existing ssl session?
- How to avoid theses handshakes if not required?

Thanks.

Regards,

Ben.

Windows Live: Friends get your Flickr, Yelp, and Digg updates when they e-mail you.

Prev by Date: Re: reverse proxy with apache 1.3 and apache 2.2
Next by Date: In-maintenance rewrite rules
Previous by thread: protecting directories
Next by thread: mod_ssl: SSL handshake is done on every request
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]