Closed
Description
I did this
I'm looking at the Client Hello messages in Wireshark when running the following command:
curl -v -I --tls-max 1.2 --http1.1 "https://example.com/[1-3]" -H "Connection:close"
I expected the following
I've expected to see reused Session IDs, but they are not.
curl/libcurl version
I've bisected the failure to the 7f4a9a9 commit, here is the output of curl -v when I compiled that commit:
curl 7.77.0-DEV (x86_64-pc-linux-gnu) libcurl/7.77.0-DEV OpenSSL/1.1.1k zlib/1.2.11 brotli/1.0.9 zstd/1.4.9 libidn2/2.3.0 libpsl/0.21.0 (+libidn2/2.3.0) nghttp2/1.41.0 OpenLDAP/2.4.57
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTPS-proxy IDN IPv6 Largefile libz NTLM NTLM_WB PSL SSL TLS-SRP UnixSockets zstd
operating system
I've checked on Linux x64, but there is a bug report in the curl-library mailing list with topic TLS session ID re-use broken in 7.77.0 that uses the https://curl.se/windows/dl-7.77.0_2/curl-7.77.0_2-win64-mingw.zip version on Windows.