Re: [jetty-users] SSL session resumption with Jetty 9
Simone Bordet <sbordet@xxxxxxxxxxx> wrote:
>
> On Mon, Oct 7, 2013 at 7:58 PM, Ben Summers <ben@xxxxxxxxxxxx> wrote:
>>
>> Hello,
>>
>> I'm using Jetty 9.0.6.v20130930 with Java 1.7.0_40, and SSL session resumption isn't working.
>>
>> If I do
>>
>> openssl s_client -reconnect -connect hostname:443 | grep Session-ID
>>
>> then the session ID is not constant, and external SSL checking tools confirm session resumption doesn't work.
>>
>> I have tried calling setSessionCachingEnabled(true) on the SslContextFactory, but this has no effect (as it is the default anyway).
>>
>> Session resumption used to work with Jetty 7.
>>
>> I would be very grateful for any debugging tips.
>
> So, resumption is supposed to work out of the box if SSLEngine is
> created with the (host, port) pair, which we do.
> One possible problem can be due to the fact that the "host" is
> specified as IP address, while the fully qualified name is needed, or
> vice versa.
> Usually, the server cannot reverse lookup the client, so on server
> side it's almost always an IP address.
>
> If you can debug, please verify what is being passed to SSLEngine in
> SslContextFactory.newSSLEngine() ?

I can't easily attach a debugger. Will I need to build Jetty and add some tracing statements?

>
> Also, does a comparison between SslContextFactory for 7 and 9 tell you something?

As it was trivially reproducible with only the Jetty distribution, I submitted a bug report:

https://bugs.eclipse.org/bugs/show_bug.cgi?id=418892

I wondered whether it might be something to do with the environment, so I've just tried it on Mac OS X as well. However, I get exactly the same problem.

If you try it, what happens?

Thanks,
Ben
--
http://bens.me.uk
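
Added example, not part of the original message or of Jetty: a shell helper that turns the `openssl s_client -reconnect` check from the thread into a verdict by counting full and resumed handshakes and distinct session IDs. It assumes s_client's `New, ...` / `Reused, ...` status lines and indented `Session-ID:` lines; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example. Summarises `openssl s_client -reconnect` output read on stdin.
# Assumed format: one "New, ..." or "Reused, ..." status line per handshake and
# an indented "Session-ID: <hex>" line in each printed session block.
check_resumption() {
    awk '
        /^New, /    { n_new++ }
        /^Reused, / { n_reused++ }
        /^[ \t]*Session-ID:/ {          # does not match "Session-ID-ctx:"
            if ($2 != "" && !($2 in seen)) { seen[$2] = 1; ids++ }
        }
        END {
            if (n_reused == 0)  verdict = "not-resumed"
            else if (n_new > 1) verdict = "partial"
            else                verdict = "resumed"
            printf "new=%d reused=%d distinct_ids=%d verdict=%s\n", n_new, n_reused, ids, verdict
        }'
}

# Constructed sample: every handshake is a full one and the ID changes each time,
# which is the symptom reported in the message above.
sample_not_resumed() {
    cat <<'EOF'
New, TLSv1/SSLv3, Cipher is AES128-SHA
    Session-ID: 5253A1B0000000000000000000000001
    Session-ID-ctx:
New, TLSv1/SSLv3, Cipher is AES128-SHA
    Session-ID: 5253A1B0000000000000000000000002
New, TLSv1/SSLv3, Cipher is AES128-SHA
    Session-ID: 5253A1B0000000000000000000000003
EOF
}

# Constructed sample: one full handshake, then reconnects that reuse the same ID.
sample_resumed() {
    cat <<'EOF'
New, TLSv1/SSLv3, Cipher is AES128-SHA
    Session-ID: 5253A1B00000000000000000000000AA
Reused, TLSv1/SSLv3, Cipher is AES128-SHA
    Session-ID: 5253A1B00000000000000000000000AA
Reused, TLSv1/SSLv3, Cipher is AES128-SHA
    Session-ID: 5253A1B00000000000000000000000AA
EOF
}

# Live use (hostname as in the message above):
#   openssl s_client -reconnect -connect hostname:443 </dev/null 2>/dev/null | check_resumption
sample_not_resumed | check_resumption
sample_resumed | check_resumption
```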