From: curl-library on behalf of Daniel
Jeliński via curl-library
Sent: Tuesday, June 8, 2021 15:19
To: libcurl development
Cc: Daniel Jeliński
Subject: Re: TLS session ID re-use broken in 7.77.0
Simple repro:
>curl -vI --http1.1 https://example.com/[1-3] -H"Connection:close"
Simple repro:
>curl -vI --http1.1 https://example.com/[1-3] -H"Connection:close"
output of the old CURL version contains "* SSL re-using session ID";
output of 7.77.0 does not. Wireshark confirms that the old version
sent PSK in client hello, the new version did not.
curl 7.77 downloaded here:
Hi,
after updating to libcurl 7.77.0, TLS session ID re-use stopped working for our
application. With older libcurl versions only the first transfer to an HTTPS
server would do the full TLS handshake and later ones would reuse the session
ID. With libcurl 7.77.0 we see a full handshake every
