On Tue Sep 17 19:55:34 2013, [email protected] wrote:

> Openssl 1.0.1e is not clearing the session ticket upon handshake failure, contrary to the recommendation in RFC 5077 section 3.2 paragraph 4.
>
> I am seeing that after some sort of event, Amazon ELB will respond to a TLS 1.0 handshake containing a session ticket that it had handed out prior to the event by closing the connection. When my client application tries to reconnect, openssl will once again send the session ticket, causing Amazon ELB to once again close the connection. This leads to an hours-long inability to reconnect, until my client application is manually restarted, removing knowledge of the now-poison ticket.
>
Is this the session ticket or the session ID causing the problem? A server shouldn't just disconnect if it sees a ticket it doesn't like; it should just issue a new one.

What happens if you disable tickets with -no_ticket?

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
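The reconnect loop described in the report above (a cached ticket the server now rejects, re-sent on every attempt until the process restarts) can be modelled without a network. The following is an added example, not code from OpenSSL or from either poster: a client-side ticket cache whose `connect` helper discards the cached ticket when a resumption attempt fails, so the next attempt falls back to a full handshake. `FakeTicketServer`, the host name and the ticket format are constructed stand-ins for the load balancer behaviour the report describes; the `clear_on_failure` flag switches between the reported behaviour and the RFC 5077 section 3.2 recommendation the reporter refers to.

```python
"""Model of client-side session-ticket handling after a failed resumption.

With clear_on_failure=False the client keeps re-sending a ticket the server
rejects (the behaviour reported for OpenSSL 1.0.1e); with clear_on_failure=True
the rejected ticket is dropped and the next attempt is a full handshake.
"""

from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple


class HandshakeFailure(Exception):
    """Raised when the peer aborts the handshake (e.g. closes the connection)."""


@dataclass
class TicketCache:
    """Per-host store of the most recently issued session ticket (constructed)."""
    tickets: Dict[str, bytes] = field(default_factory=dict)

    def get(self, host: str) -> Optional[bytes]:
        return self.tickets.get(host)

    def put(self, host: str, ticket: bytes) -> None:
        self.tickets[host] = ticket

    def discard(self, host: str) -> None:
        self.tickets.pop(host, None)


# One handshake: (host, ticket or None) -> (resumed?, ticket now held) or raises.
Handshake = Callable[[str, Optional[bytes]], Tuple[bool, bytes]]


def connect(cache: TicketCache, host: str, handshake: Handshake,
            clear_on_failure: bool = True) -> Tuple[bool, bytes]:
    """Attempt one connection, offering the cached ticket if there is one.

    On failure of a resumption attempt, drop the ticket (when clear_on_failure
    is set) so it is not offered again, then re-raise for the caller.
    """
    ticket = cache.get(host)
    try:
        resumed, issued = handshake(host, ticket)
    except HandshakeFailure:
        if clear_on_failure and ticket is not None:
            cache.discard(host)  # do not keep re-sending a rejected ticket
        raise
    cache.put(host, issued)
    return resumed, issued


class FakeTicketServer:
    """Constructed stand-in for a server whose ticket key was rotated.

    Tickets issued before the rotation are no longer accepted: a ClientHello
    carrying one is answered by closing the connection, as in the report.
    """

    def __init__(self) -> None:
        self.generation = 0   # ticket-key generation currently accepted
        self.counter = 0      # makes each issued ticket distinct

    def rotate_key(self) -> None:
        self.generation += 1

    def handshake(self, host: str, ticket: Optional[bytes]) -> Tuple[bool, bytes]:
        if ticket is not None:
            generation = int(ticket.split(b":")[0])
            if generation == self.generation:
                return True, ticket  # resumed with the offered ticket
            raise HandshakeFailure("peer closed connection")
        self.counter += 1
        return False, b"%d:%d" % (self.generation, self.counter)  # full handshake


def simulate(clear_on_failure: bool, attempts: int = 3) -> list:
    """Run the reported scenario and return the outcome of each reconnect."""
    server = FakeTicketServer()
    cache = TicketCache()
    host = "elb.example.test"  # constructed host name
    connect(cache, host, server.handshake, clear_on_failure)  # get a ticket
    server.rotate_key()  # the "event": previously issued tickets now rejected
    outcomes = []
    for _ in range(attempts):
        try:
            resumed, _ = connect(cache, host, server.handshake, clear_on_failure)
            outcomes.append("resumed" if resumed else "full")
        except HandshakeFailure:
            outcomes.append("failed")
    return outcomes


if __name__ == "__main__":
    print("keep ticket:   ", simulate(clear_on_failure=False))
    print("discard ticket:", simulate(clear_on_failure=True))
```

In a real OpenSSL client the same policy sits around `SSL_connect`: the `SSL_SESSION` the application handed to `SSL_set_session` (or collected via `SSL_CTX_sess_set_new_cb`) is what gets re-offered, so an application that caches sessions itself can drop that object when the resumption handshake fails, independently of whatever the library does.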
