wangkpot opened a new issue, #9525: URL: https://github.com/apache/apisix/issues/9525
### Current Behavior In mTLS, clients can establish connection with server by expired cert in session resumption. ### Expected Behavior In mTLS, clients can't establish connection with server by expired cert in session resumption. ### Error Logs _No response_ ### Steps to Reproduce 1. client with valid cert send request and receive response successfully in mTLS at first time; 2. when the cert is expired, clients still can establish connection with server in session resumption. ### Environment - APISIX version (run `apisix version`): 2.13.1 - Operating system (run `uname -a`): Centos7 - OpenResty / Nginx version (run `openresty -V` or `nginx -V`): 1.21.4.1 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
