cURL / Mailing Lists / curl-users / Single Mail

curl-users

RE: Question regarding using the ssl sessionid usage

From: Niranjan Ramakrishnan <willowbreaker_at_hotmail.com>
Date: Tue, 31 Mar 2009 09:36:07 -0700

Thanks however for pointing out my improper use of the
--sessionid flag. It was a cut and paste error. I did however try
sending the same request over different connections and I still did not
see the session id being sent as part of the ClientHello.. However , I think that the openssl version may be a point of interest. The curl --version gives the following information

curl 7.19.4 (i686-pc-linux-gnu) libcurl/7.19.4 OpenSSL/0.9.7a zlib/1.2.1.2 libidn/0.5.6
Protocols: tftp ftp telnet dict ldap http file https ftps
Features: IDN IPv6 Largefile NTLM SSL libz

whereas when I check for the openssl version , I get the following -

OpenSSL 0.9.8k 25 Mar 2009

There seems to be a version mismatch between the openssl libraries that curl used to build and the one installed on my machine ( I installed this version a few days back ).

Could this be contributing to the behavior somehow ?

I tested the same operations with openssl 0.9.8k ( the reconnect operative ) and did see the client request containing the session id when I ran the tcpdump trace.

Any suggestions ?

Thanks in advance

> Date: Tue, 31 Mar 2009 11:19:59 +0200
> From: daniel_at_haxx.se
> To: curl-users_at_cool.haxx.se
> Subject: Re: Question regarding using the ssl sessionid usage
>
> On Tue, 31 Mar 2009, Niranjan Ramakrishnan wrote:
>
> > curl --verbose -sessionid -k -1 -2 -3 https://URLPATH https://URLPATH
>
> "-sessionid" is not the same as "--sessionid" which probably is what you
> want.
>
> Then, --sessionid only works with 7.19.0 or later but is already the default
> behavior so in most situations you won't need to use it.
>
> > When I do a tcpdump for this and look at the traffic , I do not see the
> > sessionid being reused. What is the way to reuse ssl session id.
>
> curl uses libcurl which primarily reuses the entire connection and only if the
> connection gets closed it attempts to re-use the sessionid in the next SSL
> handshake.
>
> If you think you see a case where it doesn't re-use the SSL sessionid where it
> should, it could be a possible bug. Can you provide us with a command line
> against a public URL that shows this? And also tell us what curl version on
> what OS you're using.
>
> --
> Daniel
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-users
> FAQ: http://curl.haxx.se/docs/faq.html
> Etiquette: http://curl.haxx.se/mail/etiquette.html

_________________________________________________________________
Quick access to Windows Live and your favorite MSN content with Internet Explorer 8.
http://ie8.msn.com/microsoft/internet-explorer-8/en-us/ie8.aspx?ocid=B037MSN55C0701A

-------------------------------------------------------------------
List admin: http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2009-03-31