> [sean.cunning...@mandiant.com - Tue Jun 30 17:06:26 2009]:
>
> <<
> Can you find a way to reproduce this behaviour with s_client/s_server
>or
> does it only happen with external session caches?
> >>
>
> I took a look at s_server. It uses openssl's default session cache,
>which does not
ngineer
675 North Washington Street
Suite 210
Alexandria, VA 22314
703.683.3141 t
703.683.2891 f
sean.cunning...@mandiant.com
www.mandiant.com
From: Stephen Henson via RT [...@openssl.org]
Sent: Tuesday, June 30, 2009 7:05 AM
To: Sean Cunningham
Cc: openssl-dev@
> [sean.cunning...@mandiant.com - Tue Jun 30 02:22:28 2009]:
>
> <<
> Currently OpenSSL always uses the values in client hello and server
> hello to negotiate compression even for a resumed session. So provided
> the client includes the compression method from the original method in
> client hello
an Cunningham
Cc: openssl-dev@openssl.org
Subject: [openssl.org #1960] i2d_SSL_SESSION/d2i_SSL_SESSION does not persist
session compress_meth
> [sean.cunning...@mandiant.com - Thu Jun 25 08:23:49 2009]:
>
>
> This bug is not platform specific.
>
> Some proxies, such as nginx,
> [sean.cunning...@mandiant.com - Thu Jun 25 08:23:49 2009]:
>
>
> This bug is not platform specific.
>
> Some proxies, such as nginx, implement custom session caches via the
>openssl callback API's. This implementation makes use of the
>i2d_SSL_SESSION API to copy the session into a co
This bug is not platform specific.
Some proxies, such as nginx, implement custom session caches via the openssl
callback API's. This implementation makes use of the i2d_SSL_SESSION API to
copy the session into a contiguous block of memory. When the next session
matches, the cache calls d2i_S