> Is it the server sending the error? No, it is the client sending the error. > Is the server running OpenSSL? Yes, I made the ssl_client and server (a simple chat functionality) scripts. > Does it happen with the same client running the same software with the > same IP address > or does it only happen with different IP addresses? > I ran the setup on localhost. it is independent of the IP thing. > I'm wondering if the server rejects the attempt to resume from different > IP addresses. I could reproduce the error on my local machine, so I guess that's not the issue. What I think is that it is more related to session contexts. Since every application will be having it's session context, the session_id might not be compatible across different application implementations What I was trying to do is to store the session negotiated between client1 and server1 (in a file, using PEM_read_ssl_session), and use the stored session in client2 and server2- (everything running on the same machine but different ports right now) I did the following- > Client side - read the stored session from the file, used SSL_set_session to set the session for the connection. > Server side - read the stored session from the file, used SSL_CTX_add_session, to add the session to the context. Observation - > Client hello - with the session_id from the file > Server hello - returned the same session_id > Fatal error (from client to server) - illegal parameter > Also see if you can reproduce the behaviour with s_client using -sess_out > and > -sess_in options. > I'll give it a try. Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160503/11d87327/attachment.html>
