

RE: Question regarding using the ssl sessionid usage

From: Niranjan Ramakrishnan
Date: Tue, 31 Mar 2009 09:36:07 -0700

Thanks, however, for pointing out my improper use of the
--sessionid flag. It was a cut and paste error. I did however try
sending the same request over different connections and I still did not
see the session id being sent as part of the ClientHello. However, I think that the openssl version may be a point of interest. The curl --version gives the following information:

curl 7.19.4 (i686-pc-linux-gnu) libcurl/7.19.4 OpenSSL/0.9.7a zlib/ libidn/0.5.6
Protocols: tftp ftp telnet dict ldap http file https ftps
Features: IDN IPv6 Largefile NTLM SSL libz

whereas when I check for the openssl version, I get the following:

OpenSSL 0.9.8k 25 Mar 2009

There seems to be a version mismatch between the openssl libraries that curl used to build and the one installed on my machine (I installed this version a few days back).

Could this be contributing to the behavior somehow?

I tested the same operations with openssl 0.9.8k (the reconnect operative) and did see the client request containing the session id when I ran the tcpdump trace.

Any suggestions?

Thanks in advance

> Date: Tue, 31 Mar 2009 11:19:59 +0200
> From:
> To:
> Subject: Re: Question regarding using the ssl sessionid usage
> On Tue, 31 Mar 2009, Niranjan Ramakrishnan wrote:
> > curl --verbose -sessionid -k -1 -2 -3 https://URLPATH https://URLPATH
> "-sessionid" is not the same as "--sessionid" which probably is what you
> want.
> Then, --sessionid only works with 7.19.0 or later but is already the default
> behavior so in most situations you won't need to use it.
> > When I do a tcpdump for this and look at the traffic, I do not see the
> > sessionid being reused. What is the way to reuse ssl session id.
> curl uses libcurl which primarily reuses the entire connection and only if the
> connection gets closed it attempts to re-use the sessionid in the next SSL
> handshake.
> If you think you see a case where it doesn't re-use the SSL sessionid where it
> should, it could be a possible bug. Can you provide us with a command line
> against a public URL that shows this? And also tell us what curl version on
> what OS you're using.
> --
> Daniel

Received on 2009-03-31
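
Added example, not part of the original thread and not curl or OpenSSL code: a small parser for checking whether a ClientHello taken from a packet capture carries a session id, which is the check the tcpdump traces above were used for. It assumes an SSLv3/TLS record containing the whole ClientHello (not the SSLv2-format hello); the function names and the sample records are constructed for illustration.

```python
import struct

class NotClientHello(ValueError):
    """Raised when the bytes are not a complete SSLv3/TLS ClientHello record."""

def client_hello_session_id(record: bytes) -> bytes:
    """Return the session_id field of a ClientHello record (b"" when empty)."""
    if len(record) < 5:
        raise NotClientHello("truncated record header")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 0x16:                      # 0x16 = handshake record
        raise NotClientHello("not a handshake record")
    body = record[5:5 + rec_len]
    if len(body) < rec_len or len(body) < 4:
        raise NotClientHello("truncated record")
    if body[0] != 0x01:                    # 0x01 = ClientHello
        raise NotClientHello("handshake message is not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    # client_version (2) + random (32) come before the 1-byte session_id length
    if len(hello) < 35:
        raise NotClientHello("truncated ClientHello")
    sid_len = hello[34]
    if sid_len > 32 or len(hello) < 35 + sid_len:
        raise NotClientHello("bad session_id length")
    return hello[35:35 + sid_len]

def classify(record: bytes) -> str:
    """An empty session_id means the client asked for a full handshake."""
    return "resumption attempt" if client_hello_session_id(record) else "full handshake"

def build_client_hello(session_id: bytes) -> bytes:
    """Constructed sample: SSLv3 hello, zero random, one cipher suite, null compression."""
    hello = (b"\x03\x00" + bytes(32) + bytes([len(session_id)]) + session_id
             + b"\x00\x02\x00\x2f" + b"\x01\x00")
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x00" + struct.pack("!H", len(handshake)) + handshake

if __name__ == "__main__":
    first = build_client_hello(b"")               # first connection: nothing cached
    second = build_client_hello(bytes(range(32)))  # later connection offering a cached id
    print("first:", classify(first))
    print("second:", classify(second), client_hello_session_id(second).hex())
```

With TLS 1.3 clients this field is also filled for middlebox compatibility, so a non-empty value there does not by itself indicate session id resumption.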