Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
I'm looking at the Client Hello messages in Wireshark when running the following command:
curl -v -I --tls-max 1.2 --http1.1 "https://example.com/[1-3]" -H "Connection:close"
I've expected to see reused Session IDs, but they are not.
I've bisected the failure to the 7f4a9a9 commit, here is the output of curl -v when I compiled that commit:
curl -v
curl 7.77.0-DEV (x86_64-pc-linux-gnu) libcurl/7.77.0-DEV OpenSSL/1.1.1k zlib/1.2.11 brotli/1.0.9 zstd/1.4.9 libidn2/2.3.0 libpsl/0.21.0 (+libidn2/2.3.0) nghttp2/1.41.0 OpenLDAP/2.4.57 Release-Date: [unreleased] Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTPS-proxy IDN IPv6 Largefile libz NTLM NTLM_WB PSL SSL TLS-SRP UnixSockets zstd
I've checked on Linux x64, but there is a bug report in the curl-library mailing list with topic TLS session ID re-use broken in 7.77.0 that uses the https://curl.se/windows/dl-7.77.0_2/curl-7.77.0_2-win64-mingw.zip version on Windows.
curl-library
TLS session ID re-use broken in 7.77.0
The text was updated successfully, but these errors were encountered:
openssl: don't remove session id entry in disassociate
89f91cb
When a connection is disassociated from a transfer, the Session ID entry should remain. Regression since 7f4a9a9 (shipped in libcurl 7.77.0) Reported-by: Gergely Nagy Reported-by: Paul Groke Fixes #7222
a5adf8c
Successfully merging a pull request may close this issue.
I did this
I'm looking at the Client Hello messages in Wireshark when running the following command:
curl -v -I --tls-max 1.2 --http1.1 "https://example.com/[1-3]" -H "Connection:close"
I expected the following
I've expected to see reused Session IDs, but they are not.
curl/libcurl version
I've bisected the failure to the 7f4a9a9 commit, here is the output of
curl -v
when I compiled that commit:operating system
I've checked on Linux x64, but there is a bug report in the
curl-library
mailing list with topicTLS session ID re-use broken in 7.77.0
that uses the https://curl.se/windows/dl-7.77.0_2/curl-7.77.0_2-win64-mingw.zip version on Windows.The text was updated successfully, but these errors were encountered: