Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and
privacy statement. We’ll occasionally send you account related emails.
Already on GitHub?
to your account
I'm looking at the Client Hello messages in Wireshark when running the following command:
curl -v -I --tls-max 1.2 --http1.1 "https://example.com/[1-3]" -H "Connection:close"
I've expected to see reused Session IDs, but they are not.
I've bisected the failure to the 7f4a9a9 commit, here is the output of curl -v when I compiled that commit:
curl 7.77.0-DEV (x86_64-pc-linux-gnu) libcurl/7.77.0-DEV OpenSSL/1.1.1k zlib/1.2.11 brotli/1.0.9 zstd/1.4.9 libidn2/2.3.0 libpsl/0.21.0 (+libidn2/2.3.0) nghttp2/1.41.0 OpenLDAP/2.4.57
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTPS-proxy IDN IPv6 Largefile libz NTLM NTLM_WB PSL SSL TLS-SRP UnixSockets zstd
I've checked on Linux x64, but there is a bug report in the curl-library mailing list with topic TLS session ID re-use broken in 7.77.0 that uses the https://curl.se/windows/dl-7.77.0_2/curl-7.77.0_2-win64-mingw.zip version on Windows.
TLS session ID re-use broken in 7.77.0
The text was updated successfully, but these errors were encountered:
openssl: don't remove session id entry in disassociate
When a connection is disassociated from a transfer, the Session ID entry
Regression since 7f4a9a9 (shipped in libcurl 7.77.0)
Reported-by: Gergely Nagy
Reported-by: Paul Groke
Successfully merging a pull request may close this issue.