Re: [jetty-users] SSL session resumption with Jetty 9

Simone Bordet <sbordet@xxxxxxxxxxx> wrote:
> 
> On Mon, Oct 7, 2013 at 7:58 PM, Ben Summers <ben@xxxxxxxxxxxx> wrote:
>> 
>> Hello,
>> 
>> I'm using Jetty 9.0.6.v20130930 with Java 1.7.0_40, and SSL session resumption isn't working.
>> 
>> If I do
>> 
>> openssl s_client -reconnect -connect hostname:443 | grep Session-ID
>> 
>> then the session ID is not constant, and external SSL checking tools confirm session resumption doesn't work.
>> 
>> I have tried calling setSessionCachingEnabled(true) on the SslContextFactory, but this has no effect (as it is the default anyway).
>> 
>> Session resumption used to work with Jetty 7.
>> 
>> I would be very grateful for any debugging tips.
> 
> So, resumption is supposed to work out of the box if SSLEngine is
> created with the (host, port) pair, which we do.
> One possible problem can be due to the fact that the "host" is
> specified as IP address, while the fully qualified name is needed, or
> vice versa.
> Usually, the server cannot reverse lookup the client, so on server
> side it's almost always an IP address.
> 
> If you can debug, please verify what is being passed to SSLEngine in
> SslContextFactory.newSSLEngine()?

I can't easily attach a debugger. Will I need to build Jetty and add some tracing statements?

> 
> Also, does a comparison between SslContextFactory for 7 and 9 tell something?


As it was trivially reproducible with only the Jetty distribution, I submitted a bug report:

  https://bugs.eclipse.org/bugs/show_bug.cgi?id=418892

I wondered whether it might be something to do with the environment, so I've just tried it on Mac OS X as well. However, I get exactly the same problem.

If you try it, what happens?

Thanks,

Ben


--
http://bens.me.uk
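
An added example, not part of the original thread: a shell helper that classifies the output of the `openssl s_client -reconnect` check quoted above, using the `New,`/`Reused,` handshake lines as well as the Session-ID values. The name `resumption_report` is hypothetical and both sample outputs are constructed and trimmed.

```bash
#!/usr/bin/env bash
# Added example. resumption_report is a hypothetical helper name.
# Reads `openssl s_client -reconnect` output on stdin and prints a verdict.
# Live use (hostname as in the thread):
#   openssl s_client -reconnect -connect hostname:443 </dev/null 2>/dev/null | resumption_report

resumption_report() {
  awk '
    # Each handshake prints one line starting "New," or "Reused,".
    $1 == "New,"    { fresh++ }
    $1 == "Reused," { reused++ }
    # Exact field match skips the "Session-ID-ctx:" lines that a plain
    # grep for Session-ID also returns. An empty ID is not counted.
    $1 == "Session-ID:" && $2 != "" && !($2 in ids) { ids[$2] = 1; distinct++ }
    END {
      if (fresh + reused == 0) verdict = "no-data"
      else if (reused > 0)     verdict = "resumed"
      else                     verdict = "not-resumed"
      printf "%s new=%d reused=%d distinct_ids=%d\n", verdict, fresh, reused, distinct
    }'
}

# Constructed, trimmed sample: every reconnect performs a full handshake.
SAMPLE_NOT_RESUMED='New, TLSv1/SSLv3, Cipher is AES128-SHA
    Session-ID: AAAA0001
    Session-ID-ctx:
drop connection and then reconnect
New, TLSv1/SSLv3, Cipher is AES128-SHA
    Session-ID: AAAA0002
    Session-ID-ctx:
drop connection and then reconnect
New, TLSv1/SSLv3, Cipher is AES128-SHA
    Session-ID: AAAA0003
    Session-ID-ctx:'

# Constructed, trimmed sample: reconnects reuse the first session.
SAMPLE_RESUMED='New, TLSv1/SSLv3, Cipher is AES128-SHA
    Session-ID: AAAA0001
drop connection and then reconnect
Reused, TLSv1/SSLv3, Cipher is AES128-SHA
    Session-ID: AAAA0001
drop connection and then reconnect
Reused, TLSv1/SSLv3, Cipher is AES128-SHA
    Session-ID: AAAA0001'

printf '%s\n' "$SAMPLE_NOT_RESUMED" | resumption_report
printf '%s\n' "$SAMPLE_RESUMED" | resumption_report
```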


