On Tue, Jan 16, 2001 at 04:27:05PM -0700, Chad Woodford wrote:
> > There is no relation whatsoever between the transport channel (TCP, hosts,
> > ports or whatever) and the TLS protocol (being transported in the channel).
> > The case you are describing is not uncommon. I have a dialup provider that
> > will give me a dynamic (and hence changing) IP number whenever I build up
> > a new connection. That does not stop me from re-using my TLS-sessions.
>
> What specifically causes a browser to request the same session? And what
> causes it to request a new session (session-ID = 0)? Can one know with
> certainty whether a browser will attempt to resume a session?

I don't know. My expectation for the correct answer would be:
"implementation dependent".

If I were to author a browser, I would of course try to resume the
current session when connecting to the same host. With "same" as by using the
same "destination host name", probably I would cache the IP number from
the first lookup and retry the same IP number (-> we may hit another
"real host" because of load balancing).

[interrupt writing of this email...]

I have just performed a test with Netscape 4.76. I have tried to connect
to the same host with different port numbers and it seems that Netscape
will differentiate between ports. Whenever it is opening a connection to
a new port (same host), it will not propose to reuse a session.

Best regards,
Lutz
PS. Eric, your "ssldump" is a really helpful tool :-)
PPS. Eric, why can I find "Unknown value" in the dump? :-) :-)
...
1 0.0022 (0.0022) C>S SSLv2 compatible client hello
  Version 3.0
  cipher suites
    SSL2_CK_RC4
    SSL2_CK_RC4_EXPORT40
    SSL2_CK_RC2
    SSL2_CK_RC2_EXPORT40
    SSL2_CK_DES
    SSL2_CK_3DES
    SSL_RSA_WITH_RC4_128_MD5
    Unknown value 0xfeff
    SSL_RSA_WITH_3DES_EDE_CBC_SHA
    Unknown value 0xfefe
    SSL_RSA_WITH_DES_CBC_SHA
    SSL_RSA_EXPORT1024_WITH_RC4_56_SHA
    SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA
    SSL_RSA_EXPORT_WITH_RC4_40_MD5
    SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
1 2 0.0325 (0.0303) S>C Handshake
...
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
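
Added example, not part of the original message and not ssldump's code: a small parser for the SSLv2-compatible client hello shown in the dump, reporting whether the client proposes a session for reuse (session-ID length 0 means a new session) and printing codes it has no name for the way the dump does. The function names and the sample record are constructed for illustration; the cipher table covers only the names that appear in the dump.

```python
import struct

# Cipher codes for the names shown in the dump (SSLv2 specs are 3 bytes;
# SSLv3 suites appear in a v2 hello as 0x00 followed by the 2-byte suite).
KNOWN = {
    0x010080: "SSL2_CK_RC4", 0x020080: "SSL2_CK_RC4_EXPORT40",
    0x030080: "SSL2_CK_RC2", 0x040080: "SSL2_CK_RC2_EXPORT40",
    0x060040: "SSL2_CK_DES", 0x0700C0: "SSL2_CK_3DES",
    0x000004: "SSL_RSA_WITH_RC4_128_MD5",
    0x00000A: "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    0x000009: "SSL_RSA_WITH_DES_CBC_SHA",
    0x000064: "SSL_RSA_EXPORT1024_WITH_RC4_56_SHA",
    0x000062: "SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA",
    0x000003: "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    0x000006: "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
}

def parse_v2_client_hello(record: bytes) -> dict:
    """Parse an SSLv2-compatible ClientHello record (2-byte header form)."""
    if len(record) < 11 or not record[0] & 0x80:
        raise ValueError("not a 2-byte-header SSLv2 record")
    length = ((record[0] & 0x7F) << 8) | record[1]
    body = record[2:2 + length]
    if length < 9 or len(body) != length or body[0] != 1:  # 1 = CLIENT-HELLO
        raise ValueError("truncated record or not a CLIENT-HELLO")
    major, minor, cs_len, sid_len, ch_len = struct.unpack(">BBHHH", body[1:9])
    if cs_len % 3 or 9 + cs_len + sid_len + ch_len != length:
        raise ValueError("inconsistent length fields")
    specs = body[9:9 + cs_len]
    suites = []
    for i in range(0, cs_len, 3):
        code = int.from_bytes(specs[i:i + 3], "big")
        suites.append(KNOWN.get(code, f"Unknown value 0x{code:x}"))
    session_id = body[9 + cs_len:9 + cs_len + sid_len]
    return {"version": f"{major}.{minor}", "suites": suites,
            "session_id": session_id, "resumes": sid_len != 0}

def build_sample(session_id: bytes = b"") -> bytes:
    """Constructed test record offering four suites (not a real capture)."""
    codes = [0x010080, 0x000004, 0x00FEFF, 0x00000A]
    specs = b"".join(c.to_bytes(3, "big") for c in codes)
    challenge = bytes(16)
    body = (b"\x01\x03\x00" + struct.pack(">HHH", len(specs), len(session_id),
            len(challenge)) + specs + session_id + challenge)
    return bytes([0x80 | (len(body) >> 8), len(body) & 0xFF]) + body
```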