[Help-gnutls] How to resume a previous session

liuxiaoyu wkfta at hotmail.com
Fri Feb 20 14:20:04 CET 2009


Hi,

I notice that there is a procedure described in RFC 4346 Page 33 that a session can be resumed by reusing the previous Session ID. The original text is as follows:

"When the client and server decide to resume a previous session or
duplicate an existing session (instead of negotiating new security
parameters), the message flow is as follows:


The client sends a ClientHello using the Session ID of the session to
be resumed. The server then checks its session cache for a match.

If a match is found, and the server is willing to re-establish the
connection under the specified session state, it will send a
ServerHello with the same Session ID value. At this point, both
client and server MUST send change cipher spec messages and proceed
directly to finished messages. Once the re-establishment is
complete, the client and server MAY begin to exchange application
layer data. (See flow chart below.) If a Session ID match is not
found, the server generates a new session ID and the TLS client and
server perform a full handshake.


Client                                            Server
ClientHello             -------->
                                             ServerHello
                                      [ChangeCipherSpec]
                        <--------               Finished
[ChangeCipherSpec]
Finished                -------->
Application Data        <------->       Application Data


Fig. 2. Message flow for an abbreviated handshake


The contents and significance of each message will be presented in
detail in the following sections."

I am using GnuTls 2.6.3. I tried it this way: first initialize a TLS session, and then perform 2 handshakes continuously before deinitializing the TLS session. The result is that the second handshake fails.

So I am wondering whether the procedure described above is supported by GnuTls 2.6.3. If yes, how can I make it happen by using GnuTls?

Thanks and Regards,

Sean
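
The cache check that the quoted RFC text describes, as an added example in C that is not part of the original message and is not GnuTLS code: a server-side lookup that picks the abbreviated flow only for a known, unexpired Session ID. The names cache_store and server_hello, the 8-slot table and the sample ID are assumptions made for illustration; the 32-byte ID limit and the suggested 24-hour lifetime come from RFC 4346.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

#define MAX_ID 32             /* SessionID is opaque<0..32> in RFC 4346 */
#define CACHE_SLOTS 8         /* assumption: tiny fixed-size cache */
#define LIFETIME (24 * 3600)  /* RFC 4346 suggests at most 24 hours */

struct entry { unsigned char id[MAX_ID]; size_t len; time_t created; int used; };
static struct entry cache[CACHE_SLOTS];
enum handshake { FULL_HANDSHAKE, ABBREVIATED_HANDSHAKE };

/* Store a Session ID after a completed full handshake. Returns 0 on success. */
int cache_store(const unsigned char *id, size_t len, time_t now) {
    if (len == 0 || len > MAX_ID) return -1;
    for (int i = 0; i < CACHE_SLOTS; i++) {
        if (!cache[i].used || now - cache[i].created > LIFETIME) {
            memcpy(cache[i].id, id, len);
            cache[i].len = len; cache[i].created = now; cache[i].used = 1;
            return 0;
        }
    }
    return -1; /* cache full: this session is simply not resumable */
}

/* Server side of the ClientHello step: decide which message flow follows. */
enum handshake server_hello(const unsigned char *id, size_t len, time_t now) {
    if (len == 0 || len > MAX_ID) return FULL_HANDSHAKE; /* empty or malformed ID */
    for (int i = 0; i < CACHE_SLOTS; i++) {
        struct entry *e = &cache[i];
        if (!e->used || e->len != len || memcmp(e->id, id, len) != 0) continue;
        if (now - e->created > LIFETIME) { e->used = 0; return FULL_HANDSHAKE; }
        return ABBREVIATED_HANDSHAKE; /* ServerHello echoes the same Session ID */
    }
    return FULL_HANDSHAKE; /* no match: new Session ID, full handshake */
}

static const char *name(enum handshake h) { return h ? "abbreviated" : "full"; }

int main(void) {
    const unsigned char id[] = { 0xAA, 0xBB, 0xCC, 0xDD }; /* constructed sample ID */
    time_t t0 = 1000;
    printf("unknown ID:  %s\n", name(server_hello(id, sizeof id, t0)));
    cache_store(id, sizeof id, t0);
    printf("cached ID:   %s\n", name(server_hello(id, sizeof id, t0 + 60)));
    printf("expired ID:  %s\n", name(server_hello(id, sizeof id, t0 + LIFETIME + 1)));
    return 0;
}
```

With GnuTLS itself, the client-side counterpart is to save the session parameters with gnutls_session_get_data() after the first handshake, load them into a newly initialized session with gnutls_session_set_data() before handshaking again, and check the outcome with gnutls_session_is_resumed().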

 

 
