[sr #108146] gnutls client tls library not supporting session ticket renewing and aborting

Daniel Black INVALID.NOREPLY at gnu.org
Sun Sep 30 08:08:35 CEST 2012


URL:
  <http://savannah.gnu.org/support/?108146>

                 Summary: gnutls client tls library not supporting session
ticket renewing and aborting
                 Project: GnuTLS
            Submitted by: danblack
            Submitted on: Sun 30 Sep 2012 06:08:35 AM GMT
                Category: Core library
                Priority: 5 - Normal
                Severity: 4 - Important
                  Status: None
                 Privacy: Public
             Assigned to: None
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
        Operating System: GNU/Linux

    _______________________________________________________

Details:

RFC 5077 3.4 paragraph two allows for renewing session tickets.

I've used the openssl SSL_CTX_set_tlsext_ticket_key_cb returning the value 2
to perform a renewal of the session ticket in the following implementation in
nginx:
http://trac.nginx.org/nginx/ticket/120

I've set up a test site with a 20 second expiry on session tickets, and it
attempts to renew the session ticket after 10 seconds.

A thin client program is here:
https://github.com/grooverdan/rfc5077

Running the following generates:

$ ./gnutls-client -r -r -r -d 15  nginxtest.openquery.com 443
[✔] Parse arguments.
[✔] Initialize GNU TLS library.
[✔] Solve nginxtest.openquery.com:443:
    │ Will connect to 173.230.149.19
[✔] Initialize TLS session.
[✔] Enable use of session tickets (RFC 5077).
[✔] Connect to nginxtest.openquery.com:443.
[✔] Start TLS renegotiation.
[✔] Check if session was reused:
    │ SSL session was not used
[✔] Get current session:
    │ Session context:
    │ Protocol : TLS1.2
    │ Cipher : AES-128-CBC
    │ Kx : RSA
    │ Compression : NULL
    │ PSK : (null)
    │ ID : D589B43480B198100389F2223D4FC3EA162E6402AD53D03A16509D6155D57FDD
[✔] Send HTTP GET.
[✔] Get HTTP answer:
    │ HTTP/1.1 200 OK
[✔] End TLS connection.
[✔] waiting 15 seconds.
[✔] Initialize TLS session.
[✔] Enable use of session tickets (RFC 5077).
[✔] Copy old session.
[✔] Connect to nginxtest.openquery.com:443.
[✘] Start TLS renegotiation:
    │ Unable to start TLS renegotiation:
    │ An unexpected TLS packet was received.

This was running with gnutls version 2.12.17.
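The RFC 5077 section 3.4 renewal path this report exercises, modelled as an added Python example (not code from the report, GnuTLS or the linked client; the message names, the ClientState layout and the sample flights are assumptions of the model):

```python
# Added example, not code from the report, GnuTLS or the linked client: a
# model of the client side of an RFC 5077 abbreviated handshake. It shows why
# a client that does not expect NewSessionTicket during resumption aborts when
# the server renews the ticket (RFC 5077 3.4). Message names and payload
# layout are assumptions of this model; no real TLS bytes are parsed.
from dataclasses import dataclass, field

class UnexpectedPacket(Exception):
    pass  # models GnuTLS's "An unexpected TLS packet was received"

@dataclass
class ClientState:
    ticket: bytes                    # ticket presented in our ClientHello
    expect_new_ticket: bool = False  # ServerHello carried an empty SessionTicket ext
    resumed: bool = False
    log: list = field(default_factory=list)

def resume_client(state, server_flight, handle_renewal):
    # server_flight: [(msg_type, payload), ...] received after our ClientHello.
    # handle_renewal=False models the reported 2.12.17 behaviour; True follows RFC 5077 3.4.
    expected = ["ServerHello", "ChangeCipherSpec", "Finished"]
    for msg_type, payload in server_flight:
        nxt = expected[0] if expected else "nothing"
        if msg_type == "NewSessionTicket":
            # Legal only between ServerHello and ChangeCipherSpec, and only if
            # ServerHello announced it with the empty SessionTicket extension.
            if handle_renewal and state.expect_new_ticket and nxt == "ChangeCipherSpec":
                state.ticket = payload  # store the renewed ticket for the next resumption
                state.log.append("ticket renewed")
                continue
            raise UnexpectedPacket(f"NewSessionTicket while waiting for {nxt}")
        if msg_type != nxt:
            raise UnexpectedPacket(f"got {msg_type}, wanted {nxt}")
        expected.pop(0)
        if msg_type == "ServerHello":
            # Empty extension = server will send NewSessionTicket (RFC 5077 3.3).
            state.expect_new_ticket = payload.get("session_ticket_ext") == b""
    if expected:
        raise UnexpectedPacket(f"flight ended before {expected[0]}")
    state.resumed = True
    return state

# Constructed flights: a plain resumption, and one where the server renews the
# ticket after verifying the old one (as the 20 s / 10 s test site does).
OLD_TICKET, NEW_TICKET = b"ticket-t0", b"ticket-t10"
PLAIN_RESUME = [("ServerHello", {}), ("ChangeCipherSpec", None), ("Finished", None)]
RENEWING_RESUME = [("ServerHello", {"session_ticket_ext": b""}),
                   ("NewSessionTicket", NEW_TICKET),
                   ("ChangeCipherSpec", None), ("Finished", None)]
```

Running `resume_client(ClientState(OLD_TICKET), RENEWING_RESUME, False)` raises UnexpectedPacket at the NewSessionTicket message, matching the failure point in the trace above, while the same flight with `handle_renewal=True` completes and leaves the renewed ticket in the state.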




    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/support/?108146>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/