Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: TLS session ID re-use broken in 7.77.0
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Daniel Jeliński via curl-library <curl-library_at_cool.haxx.se>
Date: Tue, 8 Jun 2021 15:19:54 +0200
Simple repro:
>curl -vI --http1.1 https://example.com/[1-3] -H"Connection:close"
output of the old CURL version contains "* SSL re-using session ID";
output of 7.77.0 does not. Wireshark confirms that the old version
sent PSK in client hello, the new version did not.
curl 7.77 downloaded here:
https://curl.se/windows/dl-7.77.0_2/curl-7.77.0_2-win64-mingw.zip
Regards,
Daniel
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html
Received on 2021-06-08
Date: Tue, 8 Jun 2021 15:19:54 +0200
Simple repro:
>curl -vI --http1.1 https://example.com/[1-3] -H"Connection:close"
output of the old CURL version contains "* SSL re-using session ID";
output of 7.77.0 does not. Wireshark confirms that the old version
sent PSK in client hello, the new version did not.
curl 7.77 downloaded here:
https://curl.se/windows/dl-7.77.0_2/curl-7.77.0_2-win64-mingw.zip
Regards,
Daniel
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html
Received on 2021-06-08