Re: SSL session resume problem?

From: Cyrill Osterwalder <cyrill.osterwalder_at_seclutions.com>
Date: Wed, 04 Jun 2003 08:58:42 +0200

>Can you provide us with a public URL and example code showing this happen?

Not at this point but I'll try to provide it soon. I'll also debug curl
regarding this issue and try to find out the details.

Regards,

Cyrill

--On Monday, 2 June 2003 11:24 +0200 Daniel Stenberg <daniel_at_haxx.se>
wrote:

> On Fri, 30 May 2003, Cyrill Osterwalder wrote:
>
>> The only reason why I keep my curl handle at this point is because I'd
>> like to benefit from SSL session resumes. I'm testing the SSL handshakes
>> and find that the SSL sessions are not resumed if I create new curl
>> handles so reusing the handle looks like a must.
>
> Correct. That is the only way libcurl supports session ID caching/re-use.
>
>> However, reusing the curl handle does not seem to provide 100% SSL
>> session resume support. According to the OpenSSL trace log of the web
>> server, libcurl does not seem to update its SSL session
>
> Can you provide us with a public URL and example code showing this happen?
>
>> - if it is not a new handshake but an attempt to resume the SSL session
>>
>> - if the server does not resume the SSL session for any reason (SSL
>> session dead, cache miss, etc)
>
> libcurl re-uses the session ID if it has one in its cache for the same
> name, and it has no existing TCP connection to the site (if it has it
> re-uses that instead).
>
> That's the theory at least.
>
>> In this case, a new SSL session is created between client and server but
>> it does not seem to be kept by the libcurl client. This happens now for
>> each following request. I can provide the server SSL engine log files if
>> anybody would be interested.
>
> Well, it would be better if you could also debug libcurl to see if it
> actually has the ID in the cache but doesn't re-use it, or if it actually
> attempts to re-use it but it somehow fails.
>
>> Any ideas on this? Is this an OpenSSL issue?
>
> I don't know, I don't use this much myself and I don't think we have any
> test cases for it.
>
> --
> Daniel Stenberg -- curl: been grokking URLs since 1998

Received on 2003-06-04
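
A toy model of the behaviour discussed in this thread, added here as an illustration and not taken from libcurl or from either poster: an open connection is used first, otherwise the session ID cached for the same name is offered, and the reported symptom appears when a declined ID is never replaced. All names (`request`, `full_handshakes`, `replace_on_miss`), the host `example.test` and the integer session IDs are assumptions of the example.

```c
#include <stdio.h>
#include <string.h>

/* Toy model of the behaviour discussed in the thread; not libcurl code. */
struct client { char host[64]; int cached_id; int open_conn; int replace_on_miss; };
struct server { int live_id; int next_id; };   /* constructed server state */
enum outcome { REUSED_CONNECTION, RESUMED_SESSION, FULL_HANDSHAKE };

static enum outcome request(struct client *c, struct server *s, const char *host)
{
    /* An existing TCP connection wins: no handshake happens at all. */
    if (c->open_conn)
        return REUSED_CONNECTION;
    c->open_conn = 1;
    /* Offer the cached session ID only if it was stored for the same name. */
    int offered = strcmp(c->host, host) == 0 ? c->cached_id : 0;
    if (offered && offered == s->live_id)
        return RESUMED_SESSION;              /* abbreviated handshake */

    /* Server declined (session dead, cache miss) or nothing was offered. */
    s->live_id = s->next_id++;
    if (!offered || c->replace_on_miss) {    /* store the new session */
        snprintf(c->host, sizeof c->host, "%s", host);
        c->cached_id = s->live_id;
    }
    return FULL_HANDSHAKE;
}

/* n requests, each on a fresh connection; the server forgets its session
   once, just before request number expire_at. Returns full handshakes. */
int full_handshakes(int replace_on_miss, int n, int expire_at)
{
    struct client c = { "", 0, 0, replace_on_miss };
    struct server s = { 0, 100 };
    int full = 0;
    for (int i = 0; i < n; i++) {
        if (i == expire_at) s.live_id = 0;   /* server-side session dies */
        c.open_conn = 0;                     /* force a new TCP connection */
        if (request(&c, &s, "example.test") == FULL_HANDSHAKE)
            full++;
    }
    return full;
}

int main(void)
{
    printf("stale ID kept: %d full, ID replaced: %d full\n",
           full_handshakes(0, 6, 2), full_handshakes(1, 6, 2));
    return 0;
}
```

With the stale ID kept, every request after the server drops its session pays for a full handshake; replacing the cached ID limits the cost to one.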