SSL client reuse_sessions not working?

Roger Lipscombe roger@REDACTED
Thu Apr 2 11:40:46 CEST 2020


Further investigation:

If I purge the server's session cache, the client *never* reuses a
session from that point onward. The same happens if I add suitable
retry logic to the client and then restart the server node.

It looks like it grabs the previous session from the client session
cache, even though it knows that it's no longer valid. The server
knows nothing of this session ID, so it returns a new session.
OTP-22.2.8, incidentally.

On Thu, 2 Apr 2020 at 10:18, Roger Lipscombe <roger@REDACTED> wrote:
>
> On Thu, 2 Apr 2020 at 10:07, Roger Lipscombe <roger@REDACTED> wrote:
> > I'm investigating SSL session reuse, and I can't get my client to
> > actually reuse sessions. I'm using the escript below.
>
> I looked in the OTP source code; it only reuses client sessions if
> verify is set to verify_peer.
>
> Obviously, that causes problems in the "localhost" case, so I stubbed
> that out with {verify_fun, {fun yolo/3, undefined}}.
>
> At that point, it started reusing session IDs, but the
> 'session_resumption' value still came back negative. What's that
> about? I was hoping to use that to assert that the session *had* been
> reused.
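
A way to check from the client side whether a session was actually resumed, as an added example that is not part of the original post or of OTP: it connects three times and compares the session ID reported by `ssl:connection_information/2`. It assumes a TLS server is already listening on the given host and port with a certificate naming that host, and that the CA file passed on the command line issued that certificate (a local test CA, used here instead of stubbing out `verify_fun`); the script name and argument order are illustrative.

```erlang
#!/usr/bin/env escript
%% Added example, not from the original post.
%% Usage: escript reuse_check.escript HOST PORT CACERTFILE
%% Assumptions: a TLS server listens on HOST:PORT, its certificate names
%% HOST, and CACERTFILE is the PEM file of the CA that issued it.

main([Host, PortStr, CaFile]) ->
    {ok, _} = application:ensure_all_started(ssl),
    Port = list_to_integer(PortStr),
    Opts = [{versions, ['tlsv1.2']},   % session-ID resumption predates TLS 1.3
            {verify, verify_peer},     % real verification against the test CA
            {cacertfile, CaFile},
            {reuse_sessions, true}],
    Ids = [session_id(Host, Port, Opts) || _ <- lists:seq(1, 3)],
    case report(Ids) of
        true  -> ok;
        false -> halt(1)               % at least one handshake was not resumed
    end;
main(_) ->
    io:format("usage: reuse_check.escript HOST PORT CACERTFILE~n"),
    halt(2).

%% Handshake once and return the session ID the connection ended up with.
session_id(Host, Port, Opts) ->
    case ssl:connect(Host, Port, Opts, 5000) of
        {ok, Sock} ->
            {ok, [{session_id, Id}]} =
                ssl:connection_information(Sock, [session_id]),
            _ = ssl:close(Sock),
            Id;
        {error, Reason} ->
            io:format("connect failed: ~p~n", [Reason]),
            halt(1)
    end.

%% The first handshake is always full. A later one counts as resumed only if
%% its ID is non-empty and equal to the ID of the connection before it.
report([First | Rest]) ->
    io:format("1: full handshake  id=~s~n", [hex(First)]),
    {_, _, AllResumed} = lists:foldl(fun check/2, {2, First, true}, Rest),
    AllResumed.

check(Id, {N, Prev, Acc}) ->
    Resumed = Id =/= <<>> andalso Id =:= Prev,
    io:format("~p: ~s  id=~s~n", [N, label(Resumed), hex(Id)]),
    {N + 1, Id, Acc andalso Resumed}.

label(true)  -> "resumed";
label(false) -> "NEW SESSION".

hex(Bin) -> [io_lib:format("~2.16.0b", [B]) || <<B>> <= Bin].
```

The script exits non-zero when any connection after the first gets a different session ID, so it can be run before and after purging the server's session cache to compare the two cases.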


More information about the erlang-questions mailing list