> [sean.cunning...@mandiant.com - Tue Jun 30 02:22:28 2009]:
>
> <<
> Currently OpenSSL always uses the values in client hello and server
> hello to negotiate compression even for a resumed session. So provided
> the client includes the compression method from the original method in
> client hello (as required by standards) the server should end up using
> compression again.
> >>
>
> Interesting; that's not what I'm seeing with the version of OpenSSL
> I'm testing with: 'OpenSSL 0.9.8h 28 May 2008'. The system seems
> to be using the compression type that is provided by the session
> returned from the user defined session cache, not what was
> negotiated during client hello/server hello.
>
> Not sure if the resumed session should be using the newly negotiated
> compression algorithm regardless. RFC 3749 has the following
> clause:
> <<
> 1. The compression algorithm MUST be retained when resuming a
> session.
>
> 2. The compression state/history MUST be cleared when resuming a
> session.
> >>
>
> So in the case where, for whatever reason, the client and server
> negotiate a different compression type, it appears that the
> connection should revert to the original comp type RE: RFC 3749.
>

Can you find a way to reproduce this behaviour with s_client/s_server or
does it only happen with external session caches?

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
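
Added example, not part of the thread and not OpenSSL code: a small ClientHello parser that computes both outcomes discussed above for a resumed session, the method negotiated from the hellos and the method retained from the cached session per the quoted RFC 3749 clause, and reports when they diverge. The function names, the sample ClientHello and the "first server preference wins" selection rule are assumptions made for illustration.

```python
import struct

NULL, DEFLATE = 0, 1  # compression method IDs: null, DEFLATE (RFC 3749)

def offered_compression(hello):
    """Return the compression_methods list of a ClientHello body
    (handshake message without its 4-byte header), with bounds checks."""
    pos = 2 + 32                                  # client_version + random
    if len(hello) < pos + 1:
        raise ValueError("truncated ClientHello")
    sid_len = hello[pos]
    pos += 1 + sid_len                            # skip session_id
    if sid_len > 32 or len(hello) < pos + 2:
        raise ValueError("bad session_id length")
    (cs_len,) = struct.unpack_from(">H", hello, pos)
    pos += 2 + cs_len                             # skip cipher_suites
    if cs_len % 2 or len(hello) < pos + 1:
        raise ValueError("bad cipher_suites length")
    cm_len = hello[pos]
    methods = hello[pos + 1:pos + 1 + cm_len]
    if cm_len == 0 or len(methods) != cm_len:
        raise ValueError("bad compression_methods length")
    return list(methods)

def resumption_compression(hello, cached_method, server_prefs):
    """Compute both outcomes discussed in the thread for a resumed session."""
    offered = offered_compression(hello)
    # Outcome A: negotiate again from the hellos.
    # Assumption: the server picks its first preference that the client offered.
    from_hellos = next((m for m in server_prefs if m in offered), None)
    # Outcome B (RFC 3749 clause 1): retain the session's original method;
    # None means the client did not offer it, so it cannot be retained.
    retained = cached_method if cached_method in offered else None
    return {"from_hellos": from_hellos, "retained": retained,
            "diverge": from_hellos != retained}

def build_hello(session_id, methods):
    """Constructed sample ClientHello body: TLS 1.0, zero random, one cipher suite."""
    return (b"\x03\x01" + bytes(32) + bytes([len(session_id)]) + session_id
            + struct.pack(">H", 2) + b"\x00\x2f"
            + bytes([len(methods)]) + bytes(methods))

if __name__ == "__main__":
    hello = build_hello(b"\xaa" * 32, [DEFLATE, NULL])
    # Session was established with DEFLATE; server now prefers null compression.
    print(resumption_compression(hello, DEFLATE, [NULL, DEFLATE]))
```

A `diverge` value of true marks exactly the case raised in the thread, where the hellos would select one method while the cached session carries another.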