Race Condition

Matt Caswell matt at openssl.org
Fri Jun 14 12:09:30 UTC 2019



On 14/06/2019 11:09, Serti Ayoub wrote:
> 
> I can't provide a sample to reproduce the crash, it's totally random.
>  
> Here is an example of a thread call stack:

Yes, this does look like a bug. My guess is most people don't hit this because
they don't set SSL_OP_NO_TICKET in TLSv1.3. The default behaviour is to use
stateless tickets which aren't shared between threads, so no race condition is
possible. However, with SSL_OP_NO_TICKET we use stateful tickets which means the
session objects *are* shared.

Session objects are supposed to be immutable after the initial handshake is
complete so that this sort of thing doesn't happen. Looks like that isn't the
case in the handling of supported groups. In reality there is no reason at all
to store the supported groups information in the session object since we don't
reuse that information from one session resume to another anyway so it's just
misplaced in the session object.

Please try out this patch:

https://github.com/openssl/openssl/pull/9162

Matt
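
Added example, not part of the original e-mail and not OpenSSL's code: a simplified single-threaded model of the ownership problem described above, where per-handshake supported-groups data stored in a shared session object gets rewritten on every resumption, next to a variant that keeps it in the connection. All struct and function names are hypothetical, the free-and-replace write is an assumption of the model, and the group IDs are constructed sample values.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Simplified model, NOT OpenSSL's structures; every name here is hypothetical. */
typedef struct {
    uint16_t *groups;      /* flawed design: per-handshake data in the shared object */
    unsigned late_writes;  /* writes made after the session was established */
} model_session;

typedef struct {
    model_session *sess;   /* shared by every connection resuming this session */
    uint16_t *peer_groups; /* fixed design: per-connection storage */
} model_conn;

static uint16_t *dup_groups(const uint16_t *g, size_t n) {
    uint16_t *p = malloc(n * sizeof(*p));
    if (p != NULL) memcpy(p, g, n * sizeof(*p));
    return p;
}

/* Flawed: each resumption frees and replaces a field of the shared session. */
static int parse_groups_flawed(model_conn *c, const uint16_t *g, size_t n) {
    uint16_t *copy = dup_groups(g, n);
    if (copy == NULL) return 0;
    c->sess->late_writes++;
    free(c->sess->groups);   /* a reader on another thread may still hold this */
    c->sess->groups = copy;
    return 1;
}

/* Fixed: the list lives in the connection; the session is never written. */
static int parse_groups_fixed(model_conn *c, const uint16_t *g, size_t n) {
    uint16_t *copy = dup_groups(g, n);
    if (copy == NULL) return 0;
    free(c->peer_groups);
    c->peer_groups = copy;
    return 1;
}

/* Two connections resume one established session; returns writes made to it. */
static unsigned replay(int (*parse)(model_conn *, const uint16_t *, size_t)) {
    static const uint16_t ga[] = {0x001d, 0x0017}, gb[] = {0x0017}; /* constructed */
    model_session s = {NULL, 0};
    model_conn a = {&s, NULL}, b = {&s, NULL};
    if (!parse(&a, ga, 2) || !parse(&b, gb, 1)) abort();
    free(s.groups); free(a.peer_groups); free(b.peer_groups);
    return s.late_writes;
}
int main(void) { return !(replay(parse_groups_flawed) == 2 && replay(parse_groups_fixed) == 0); }
```

In the flawed variant every resumption counts as a write to an object that other threads treat as read-only; in the fixed variant the count stays at zero, which is the immutability property the e-mail says session objects are supposed to have.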




