Is there anyone who can help to this unanswered topic... ? From: devexplorer@xxxxxxxxxxx To: users@xxxxxxxxxxxxxxxx Subject: mod_ssl: SSL handshake is done on every request Date: Mon, 21 Dec 2009 11:35:10 +0100 Dear, I am running Apache 2.2.14. I also applied the patch to enforce SSL renegotiation from server only. Testing the proposed solution in SSL mutual authentication context, the full renegotiation is done once but I noticed that the handshake is done for every request. The test web page is made of 30 request/responses and we can see from the LOG that 30 handshakes are done even though session is found in cache. Below, extract of the LOG files: ' ssl_engine_kernel.c: Performing full renegotiation: complete handshake protocol ' ssl_engine_kernel.c: OpenSSL: Handshake: start ' ssl_engine_kernel.c: OpenSSL: Loop: SSL renegotiate ciphers ' ssl_engine_kernel.c: OpenSSL: Loop: SSLv3 write hello request A ' ssl_engine_kernel.c: OpenSSL: Loop: SSLv3 flush data ' ssl_engine_kernel.c: OpenSSL: Loop: SSLv3 write hello request C ... ' ssl_engine_kernel.c: Inter-Process Session Cache: request=SET status=OK id=D893868C1224CF057AFE1C604B7C7725E23E92F22CB6EE338997038F95533213 timeout=3600s (session caching) ' ssl_engine_kernel.c: OpenSSL: Handshake: done ... ' ssl_engine_kernel.c: OpenSSL: Handshake: start ' ssl_engine_kernel.c: OpenSSL: Loop: before/accept initialization ... ' ssl_engine_kernel.c: Inter-Process Session Cache: request=GET status=FOUND id=D893868C1224CF057AFE1C604B7C7725E23E92F22CB6EE338997038F95533213 (session reuse) ' ssl_engine_kernel.c: OpenSSL: Loop: SSLv3 read client hello A ' ssl_engine_kernel.c: OpenSSL: Loop: SSLv3 write server hello A ' ssl_engine_kernel.c: OpenSSL: Loop: SSLv3 write certificate A ' ssl_engine_kernel.c: OpenSSL: Loop: SSLv3 write server done A ... ' ssl_engine_kernel.c: OpenSSL: Handshake: start ' ssl_engine_kernel.c: OpenSSL: Loop: before/accept initialization ... ' ssl_engine_kernel.c: Inter-Process Session Cache: request=GET status=FOUND id=D893868C1224CF057AFE1C604B7C7725E23E92F22CB6EE338997038F95533213 (session reuse) ' ssl_engine_kernel.c: OpenSSL: Loop: SSLv3 read client hello A ' ssl_engine_kernel.c: OpenSSL: Loop: SSLv3 write server hello A ' ssl_engine_kernel.c: OpenSSL: Loop: SSLv3 write certificate A ' ssl_engine_kernel.c: OpenSSL: Loop: SSLv3 write server done A ... - What is the reason of the handshake for every request? - What is the purpose of the cache? - Is the new handshake conveyed under the existing ssl session? - How to avoid theses handshakes if not required? Thanks. Regards, Ben. Windows Live: Friends get your Flickr, Yelp, and Digg updates when they e-mail you. Windows Live: Keep your friends up to date with what you do online. |