[Help-gnutls] How to resume a previous session

liuxiaoyu wkfta at hotmail.com
Fri Feb 20 14:20:04 CET 2009



I notice that there is a procedure described in RFC 4346 Page 33 that a session can be resummed by reusing the previous Session ID. The orginal text is as following:


"When the client and server decide to resume a previous session or
duplicate an existing session (instead of negotiating new security
parameters), the message flow is as follows:

The client sends a ClientHello using the Session ID of the session to
be resumed. The server then checks its session cache for a match.


If a match is found, and the server is willing to re-establish the
connection under the specified session state, it will send a
ServerHello with the same Session ID value. At this point, both
client and server MUST send change cipher spec messages and proceed
directly to finished messages. Once the re-establishment is
complete, the client and server MAY begin to exchange application
layer data. (See flow chart below.) If a Session ID match is not
found, the server generates a new session ID and the TLS client and
server perform a full handshake.

Client                                            Server
ClientHello             -------->
                          <--------            Finished
Finished                -------->
Application Data     <------->           Application Data

Fig. 2. Message flow for an abbreviated handshake

The contents and significance of each message will be presented in
detail in the following sections."


I am using GnuTls 2.6.3. I tried it this way: first initialize a TLS session, and then perform 2 handshakes continuously before deinitializing the TLS session. The result is the second handshake will be failed.


So I am wondering whether the procedure described above has been supported by GnuTls 2.6.3. If Yes, how can I make it happen by using GnuTls?


Thanks and Regards,





-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20090220/e1739493/attachment.htm>

More information about the Gnutls-help mailing list