Simone Bordet <[email protected]> wrote: > > On Mon, Oct 7, 2013 at 7:58 PM, Ben Summers <[email protected]> wrote: >> >> Hello, >> >> I'm using Jetty 9.0.6.v20130930 with Java 1.7.0_40, and SSL session >> resumption isn't working. >> >> If I do >> >> openssl s_client -reconnect -connect hostname:443 | grep Session-ID >> >> then the session ID is not constant, and external SSL checking tools confirm >> session resumption doesn't work. >> >> I have tried calling setSessionCachingEnabled(true) on the >> SslContextFactory, but this has no effect (as it is the default anyway). >> >> Session resumption used to work with Jetty 7. >> >> I would be very grateful for any debugging tips. > > So, resumption is supposed to work out of the box if SSLEngine is > created with the (host, port) pair, which we do. > One possible problem can be due to the fact that the "host" is > specified as IP address, while the full qualified name is needed, or > viceversa. > Usually, the server cannot reverse lookup the client, so on server > side it's almost always an IP address. > > If you can debug, please verify what is being passed to SSLEngine in > SslContextFactory.newSSLEngine() ?
I can't easily attach a debugger, will I need to build Jetty and add some tracing statements? > > Also, a comparison between SslContextFactory for 7 and 9 tells something ? As it was trivially reproducible with only the Jetty distribution, I submitted a bug report: https://bugs.eclipse.org/bugs/show_bug.cgi?id=418892 I wondered whether it be something to do with the environment, so I've just tried it on Mac OS X as well. However, I get exactly the same problem. If you try it, what happens? Thanks, Ben -- http://bens.me.uk _______________________________________________ jetty-users mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/jetty-users
