[PATCH] session ticket support

Nikos Mavrogiannopoulos nmav at gnutls.org
Sun Jul 26 15:00:53 CEST 2009

Daiki Ueno wrote:
>>>>>> In <4A6ACB0A.4030801 at gnutls.org> 
>>>>>> 	Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
>>>> - Have you checked this implementation against others?
>>> Not yet.  I'll check it against OpenSSL this weekend.
>>  Do you have any updates on that?
> Yes - but there are some issues.  I have tested with modified
> gnutls-cli/gnutl-serv capable of session ticket handling.
> The combination of OpenSSL s_client and gnutls-serv seems OK, but
> gnutls-cli and s_server cannot continue handshake.  I'm now
> investigating what is going on.  Anyway, I attach the log files of:
> $ openssl s_server -accept 10000 -CAfile x509-ca.pem \
>   -key x509-server-key.pem -cert x509-server.pem -msg >& s_server.log

Probably you have tried already but I would suggest -tlsextdebug -state
instead of -msg... The actual messages might be easier to see using

> $ gnutls-cli --debug 10 -p 10000 --resume localhost >& gnutls-cli.log

If I am correctly checking the log, It seems from the capture that
openssl doesn't send the NewSessionTicket on subsequent handshakes.
Could it be this the reason that gnutls-cli fails?


More information about the Gnutls-devel mailing list