gnutls backend doesn't reuse sessions #1109
Comments
We'll welcome help and patches to fix this. This seems to be the GnuTLS docs for how it works: https://www.gnutls.org/manual/html_node/Session-resumption.html
Probably TLS session tickets don't work because curl does not use the same SSL context for multiple requests. See TODO: Cache/share OpenSSL contexts.
I have tested this: after disabling TLS session tickets, reusing the SSL sessions works properly. TLS session tickets are already disabled for OpenSSL.
For GnuTLS 3.5.6 and newer versions, this can be fixed with this patch:
The same problem also exists for mbed TLS. Patch:
What do you think?
SSL session reuse with TLS session tickets is not supported yet. Use SSL session IDs instead. See #1109
Hi,
It seems that curl has support for session IDs but not for session tickets. When linked with gnutls, the client hello indicates support for TLS tickets, so the server sends a TLS ticket back and does not send a session id back. But curl doesn't seem to handle the TLS tickets.
In case of OpenSSL it doesn't send a TLS ticket extension in the client hello and so gets a session id back, and then it properly reuses the session.
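The ClientHello difference described in this report (the SessionTicket extension is offered with GnuTLS and absent with OpenSSL) can be checked on a captured handshake. The following is an added example, not code from the issue thread or from curl: a C routine that walks a TLS 1.2 ClientHello and reports whether extension type 35 (RFC 5077) is present. The function names and both sample messages are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define EXT_SESSION_TICKET 35 /* SessionTicket extension type, RFC 5077 */
#define RANDOM32 0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0

/* Constructed sample ClientHello messages (handshake layer, zeroed random):
 * header, version, random, empty session_id, one cipher suite, null compression. */
const uint8_t HELLO_WITH_TICKET[] = { 0x01, 0, 0, 47, 0x03, 0x03, RANDOM32,
    0, 0, 2, 0xc0, 0x2f, 1, 0, /* extensions: */ 0, 4, 0, 35, 0, 0 };
const uint8_t HELLO_NO_TICKET[] = { 0x01, 0, 0, 48, 0x03, 0x03, RANDOM32,
    0, 0, 2, 0xc0, 0x2f, 1, 0, /* extensions: */ 0, 5, 0xff, 0x01, 0, 1, 0 };

/* Skip a vector with a len_bytes-wide length prefix; -1 if truncated. */
static int skip_vec(const uint8_t **p, size_t *n, size_t len_bytes)
{
    size_t len = 0;
    if (*n < len_bytes) return -1;
    for (size_t i = 0; i < len_bytes; i++) len = (len << 8) | (*p)[i];
    if (*n - len_bytes < len) return -1;
    *p += len_bytes + len;
    *n -= len_bytes + len;
    return 0;
}

/* 1: ClientHello offers session tickets, 0: it does not, -1: malformed. */
int hello_offers_ticket(const uint8_t *p, size_t n)
{
    if (n < 4 || p[0] != 0x01) return -1;      /* msg_type client_hello */
    size_t body = ((size_t)p[1] << 16) | ((size_t)p[2] << 8) | p[3];
    if (body > n - 4 || body < 34) return -1;
    p += 4 + 34; n = body - 34;                /* skip version + random */
    if (skip_vec(&p, &n, 1) ||                 /* session_id */
        skip_vec(&p, &n, 2) ||                 /* cipher_suites */
        skip_vec(&p, &n, 1)) return -1;        /* compression_methods */
    if (n == 0) return 0;                      /* no extensions block */
    if (n < 2 || (((size_t)p[0] << 8) | p[1]) != n - 2) return -1;
    p += 2; n -= 2;
    while (n >= 4) {
        unsigned type = ((unsigned)p[0] << 8) | p[1];
        size_t len = ((size_t)p[2] << 8) | p[3];
        if (n - 4 < len) return -1;            /* extension overruns buffer */
        if (type == EXT_SESSION_TICKET) return 1;
        p += 4 + len; n -= 4 + len;
    }
    return n == 0 ? 0 : -1;
}
```

The input is the handshake message without the 5-byte TLS record header, so strip that first when feeding bytes from a packet capture.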