[Help-gnutls] How to resume a previous session
liuxiaoyu
wkfta at hotmail.com
Fri Feb 20 14:20:04 CET 2009
Hi,
I notice that there is a procedure described in RFC 4346 Page 33 that a session can be resummed by reusing the previous Session ID. The orginal text is as following:
"When the client and server decide to resume a previous session or
duplicate an existing session (instead of negotiating new security
parameters), the message flow is as follows:
The client sends a ClientHello using the Session ID of the session to
be resumed. The server then checks its session cache for a match.
If a match is found, and the server is willing to re-establish the
connection under the specified session state, it will send a
ServerHello with the same Session ID value. At this point, both
client and server MUST send change cipher spec messages and proceed
directly to finished messages. Once the re-establishment is
complete, the client and server MAY begin to exchange application
layer data. (See flow chart below.) If a Session ID match is not
found, the server generates a new session ID and the TLS client and
server perform a full handshake.
Client Server
ClientHello -------->
ServerHello
[ChangeCipherSpec]
<-------- Finished
[ChangeCipherSpec]
Finished -------->
Application Data <-------> Application Data
Fig. 2. Message flow for an abbreviated handshake
The contents and significance of each message will be presented in
detail in the following sections."
I am using GnuTls 2.6.3. I tried it this way: first initialize a TLS session, and then perform 2 handshakes continuously before deinitializing the TLS session. The result is the second handshake will be failed.
So I am wondering whether the procedure described above has been supported by GnuTls 2.6.3. If Yes, how can I make it happen by using GnuTls?
Thanks and Regards,
Sean
_________________________________________________________________
MSN安全保护中心,免费修复系统漏洞,保护MSN安全!
http://im.live.cn/safe/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20090220/e1739493/attachment.htm>
More information about the Gnutls-help
mailing list