[openssl-dev] TLS session ticket extension problem when using the ssl23_client_hello method
Viktor Dukhovni
openssl-users at dukhovni.org
Thu Jul 23 20:21:11 UTC 2015
On Thu, Jul 23, 2015 at 09:22:04PM +0300, Jouni Malinen wrote:
> I used to use SSL_CTX_new(TLSv1_method()) to initialize SSL_CTX for
> various TLS-based EAP methods. This worked fine with EAP-TLS,
> EAP-PEAP, EAP-TTLS, and EAP-FAST. However, it did not allow OpenSSL to
> negotiate TLS v1.1 or v1.2 to be used. Consequently, there seemed to
> be need to change from TLSv1_method() to SSLv23_method() with
> SSL_OP_NO_SSLv2 and SSL_OP_NO_v3. Initially, this seemed to work fine,
> but I found an issue with EAP-FAST peer (i.e., TLS client).
Postfix happily sends session tickets and resuming sessions even
though it is using SSLv23_client_method(), and there is no server-side
session cache (I made sure the client connets to a different server
process between the initial handshake and the resumption, and that
there is no "external" cache configured.) Output summary:
$ posttls-finger -lmay -Ldebug -r 10 -c example.org
posttls-finger: setting up TLS connection to mx1.example.org[192.0.2.1]:25
posttls-finger: SSL_connect:before/connect initialization
posttls-finger: SSL_connect:SSLv2/v3 write client hello A
posttls-finger: SSL_connect:SSLv3 read server hello A
posttls-finger: SSL_connect:SSLv3 read server key exchange A
posttls-finger: SSL_connect:SSLv3 read server done A
posttls-finger: SSL_connect:SSLv3 write client key exchange A
posttls-finger: SSL_connect:SSLv3 write change cipher spec A
posttls-finger: SSL_connect:SSLv3 write finished A
posttls-finger: SSL_connect:SSLv3 flush data
posttls-finger: SSL_connect:SSLv3 read server session ticket A
posttls-finger: SSL_connect:SSLv3 read finished A
posttls-finger: save session [192.0.2.1]:25&8132DFEF2967E661AEDA394357CABF4803EA6915B5AA3750F5C937BEAB39FE1E to memory cache
posttls-finger: Anonymous TLS connection established to mx1.example.org[192.0.2.1]:25: TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)
posttls-finger: Reconnecting after 10 seconds
posttls-finger: looking for session [192.0.2.1]:25&8132DFEF2967E661AEDA394357CABF4803EA6915B5AA3750F5C937BEAB39FE1E in memory cache
posttls-finger: reloaded session [192.0.2.1]:25&8132DFEF2967E661AEDA394357CABF4803EA6915B5AA3750F5C937BEAB39FE1E from memory cache
posttls-finger: SSL_connect:before/connect initialization
posttls-finger: SSL_connect:SSLv3 write client hello A
posttls-finger: SSL_connect:SSLv3 read server hello A
posttls-finger: SSL_connect:SSLv3 read finished A
posttls-finger: SSL_connect:SSLv3 write change cipher spec A
posttls-finger: SSL_connect:SSLv3 write finished A
posttls-finger: SSL_connect:SSLv3 flush data
posttls-finger: mx1.example.org[192.0.2.1]:25: Reusing old session
posttls-finger: Anonymous TLS connection established to mx1.example.org[192.0.2.1]:25: TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)
The order of events is:
/* Once only */
ctx = SSL_CTX_new(SSLv23_client_method());
/* Per connection */
ssl = SSL_new(ctx);
/* Protocol support varies per server, so not set via global context */
SSL_set_options(...);
/* restore appropriate session from the client cache */
session = ... ;
if (session)
SSL_set_session(ssl, session);
SSL_connect(ssl);
What are you doing to associate a previous session with a new SSL
connection?
--
Viktor.
More information about the openssl-dev
mailing list