[openssl-users] SSL session resumption from different TLS version

Matt Caswell matt at openssl.org
Fri Jul 29 16:01:20 UTC 2016



On 29/07/16 16:15, Prabhat Puroshottam wrote:
> We are using session resumption with openssl, and to support that we are
> storing sessions in a file.
>
> On the server side the allowed TLS version can be configured and server
> admin can change it. It can be changed for example to allow only TLS 1.2.
> The problem is that if the client has SSL session stored on the disk from
> a previous connection which has different TLS version than what server
> expects as per the changed configuration, server drops the connection
> immediately.
>
> My question is, is it possible for Openssl server to recover from such a
> scenario, by starting a full handshake? Right now server drops the
> connection because of protocol mismatch.
>
> Because if that is not the case the only other option left for us is to
> reconnect again if server rejects

The problem is on the client side not on the server side.

Currently in 1.0.2 and earlier versions, when a client calls
SSL_set_session(), the method for the negotiated SSL version is also
set. So if the client and server previously negotiated version TLSv1.1,
then when SSL_set_session() is called for the new connection, the
version *on the client side* is fixed at TLSv1.1. If that is no longer
an acceptable version for the server then a failure will result - the
client will only accept TLSv1.1, the server won't accept it - no further
progress can be made.

In the scenario you are talking about this should only be a problem if
the server previously did not support TLSv1.2 at all and then had its
configuration changed to *only* support TLSv1.2. That seems like quite a
strange thing to do (perhaps a better policy is for the server to
support TLSv1.1 *and* TLSv1.2...at least for a while).

IIRC the behaviour is different in the forthcoming OpenSSL 1.1.0. In
that version the client does not fix its version to the session version.
The client remains version flexible - if the server does not wish to use
the same version as was in the session then they can still negotiate a
different one and the session simply does not get used.

Matt
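
The client-side fallback discussed in this thread (offer the stored session, and if the handshake is rejected, reconnect with a full handshake), written with Python's `ssl` module as an added example that is not part of the original messages. `ResumingClient` and `tls_handshake` are hypothetical names, and sessions are cached in memory rather than in a file.

```python
import socket
import ssl


def tls_handshake(host, port, ctx, session=None, timeout=5.0):
    """Open a fresh TCP connection and run one TLS handshake.

    If `session` is given it is offered for resumption. Python requires the
    session to come from a socket created by the same SSLContext.
    """
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        return ctx.wrap_socket(raw, server_hostname=host, session=session)
    except Exception:
        raw.close()
        raise


class ResumingClient:
    """Hypothetical helper: one cached session per (host, port)."""

    def __init__(self, ctx, handshake=tls_handshake):
        self.ctx = ctx
        self.handshake = handshake  # injectable so the logic can be tested offline
        self.sessions = {}

    def connect(self, host, port):
        key = (host, port)
        # Take the session out of the cache up front, so a session that
        # fails once is never offered again.
        cached = self.sessions.pop(key, None)
        conn = None
        if cached is not None:
            try:
                conn = self.handshake(host, port, self.ctx, cached)
            except (ssl.SSLError, ConnectionError):
                # The stored session could not be used, e.g. it pins a protocol
                # version the server no longer accepts. A failed handshake
                # cannot be continued, so fall through to a new connection.
                conn = None
        if conn is None:
            # Full handshake on a new TCP connection, no session offered.
            conn = self.handshake(host, port, self.ctx, None)
        # Remember whatever session this connection ended up with.
        self.sessions[key] = conn.session
        return conn
```

The retry costs one extra TCP connection the first time a stale session is offered; after that the cache holds a session negotiated under the server's current configuration.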

