Hi Maxim,

Good question. I have been debugging an SSL configuration for some time, and one of the things I've been testing for is the renewal of session tickets. I used a thin client for that purpose: https://github.com/grooverdan/rfc5077

Anyhow, according to the test, session renewal appears to work as intended:

./gnutls-client -r -d 10 mysite 443

[✔] Parse arguments.
[✔] Initialize GNU TLS library.
[✔] Solve mysite:443:
    │ Will connect to myip
[✔] Initialize TLS session.
[✔] Enable use of session tickets (RFC 5077).
[✔] Connect to mysite:443.
[✔] Start TLS renegotiation.
[✔] Check if session was reused:
    │ SSL session was not used
[✔] Get current session:
    │ Session context:
    │ Protocol : TLS1.2
    │ Cipher : AES-256-CBC
    │ Kx : DHE-RSA
    │ Compression : NULL
    │ PSK : (null)
    │ ID : D18B216F82B277FCA97B95E35E91A323F922873483FD02FB025FE94106CB50C3
[✔] Send HTTP GET.
[✔] Get HTTP answer:
    │ HTTP/1.1 301 Moved Permanently
[✔] End TLS connection.
[✔] waiting 10 seconds.
[✔] Initialize TLS session.
[✔] Enable use of session tickets (RFC 5077).
[✔] Copy old session.
[✔] Connect to mysite:443.
[✔] Start TLS renegotiation.
[✔] Check if session was reused:
    │ SSL session correctly reused
[✔] Get current session:
    │ Session context:
    │ Protocol : TLS1.2
    │ Cipher : AES-256-CBC
    │ Kx : DHE-RSA
    │ Compression : NULL
    │ PSK : (null)
    │ ID : D18B216F82B277FCA97B95E35E91A323F922873483FD02FB025FE94106CB50C3
[✔] Send HTTP GET.
[✔] Get HTTP answer:
    │ HTTP/1.1 301 Moved Permanently
[✔] End TLS connection.

So I thought when I enable full debugging, I'd see the relevant debug information in the error log, such as ssl new session / ssl get session from ngx_event_openssl.c - none of which is shown, however.

FWIW, the reason why I am actually trying to debug this is because for some reason, when I choose a larger delay between the two test renegotiations, instead of 10s, let's say 3600s, then the previous session would not get reused - despite the fact that in my nginx site config, I set a very large session timeout (1680m).

Cheers,
Alex

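The same delayed-resumption check as above, done with the openssl CLI instead of the rfc5077 gnutls-client, as an added example that is not part of Alex's post or of either project. It also records the session ticket lifetime hint the server sends, which is the first thing to compare against the delay when a ticket is not accepted. It assumes openssl(1) is installed and that HOST PORT DELAY name a server you are testing; the s_client lines used in the self-check are constructed samples.

```shell
#!/bin/sh
# Parse openssl s_client output (stdin) into one line: "<New|Reused> <hint>"
# where <hint> is the ticket lifetime hint in seconds, or "?" if absent.
summarize_handshake() {
    status='?'; hint='?'
    while IFS= read -r line; do
        case $line in
            New,*)    status=New ;;
            Reused,*) status=Reused ;;
            'TLS session ticket lifetime hint:'*)
                hint=$(printf '%s\n' "$line" | sed 's/[^0-9]*\([0-9]*\).*/\1/') ;;
        esac
    done
    printf '%s %s\n' "$status" "$hint"
}

# One handshake against host:port; mode "out" saves the session (ticket) to
# sess_file, mode "in" offers the saved session for resumption.
handshake() {  # host port sess_file mode
    printf 'HEAD / HTTP/1.0\r\nHost: %s\r\n\r\n' "$1" |
        openssl s_client -connect "$1:$2" -servername "$1" "-sess_$4" "$3" 2>&1
}

# Explain the outcome. A lifetime hint shorter than the delay means the
# client is expected to discard the ticket no matter what the server's
# session timeout is; otherwise the server itself rejected the ticket.
resume_verdict() {  # status hint delay
    if [ "$1" = Reused ]; then
        echo "session resumed after $3 s"
    elif [ "$2" != '?' ] && [ "$2" -lt "$3" ]; then
        echo "not resumed: ticket lifetime hint ($2 s) is shorter than delay ($3 s)"
    else
        echo "not resumed: server did not accept the ticket"
    fi
}

# Full check: connect, wait delay seconds, reconnect with the saved session.
resume_after_delay() {  # host port delay
    sess=$(mktemp) || return 1
    first=$(handshake "$1" "$2" "$sess" out | summarize_handshake)
    sleep "$3"
    second=$(handshake "$1" "$2" "$sess" in | summarize_handshake)
    rm -f "$sess"
    printf 'first:  %s\nsecond: %s\n' "$first" "$second"
    resume_verdict "${second%% *}" "${first#* }" "$3"
}

# Usage: sh resume_check.sh mysite 443 3600
if [ "$#" -ge 3 ]; then resume_after_delay "$1" "$2" "$3"; fi
```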
_______________________________________________
nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx