[openssl-dev] TLS session ticket extension problem when using the ssl23_client_hello method
Ian McFadries (imcfadri)
imcfadri at cisco.com
Fri Aug 14 17:55:55 UTC 2015
That worked.
Thanks Matt
-----Original Message-----
From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Matt Caswell
Sent: Wednesday, August 05, 2015 8:40 AM
To: openssl-dev at openssl.org
Subject: Re: [openssl-dev] TLS session ticket extension problem when using the ssl23_client_hello method
On 04/08/15 22:03, Ian McFadries (imcfadri) wrote:
> Sorry for the delayed response, I was away for a week and was able to test the fix today.
>
> The fix did resolve the session ticket issue that I was encountering. However, now I get an error when I am not using the session tickets under the following conditions. I am continuing to investigate.
>
> Create an SSL Session using the context that negotiates the highest
> available version Client hello requests TLS 1.2 Server responds with
> server hello using TLS 1.0 Complete handshake with no problems
> Disconnect session Start new session which attempts a fast session
> resumption Client sends Alert 70 (SSL_AD_PROTOCOLVERSION) because SSL
> struct version contains version 0x303 but message after first message
> contains version 0x301
Oh. Try this additional patch. By moving the session creation earlier in the process the session protocol version gets fixed at that earlier point. Unfortunately we have moved it to a point *before* version negotiation has completed. This patch just updates the session version once version negotiation is finished.
Matt
More information about the openssl-dev
mailing list