This repository has been archived by the owner on Apr 22, 2023. It is now read-only.
TLS resumption does not work on https server #3901
Comments
Btw, there is #3661 <- async tls session storage which should obviously fix this issue too. Can you build node with that patch and run your test suite again?
Silly question (admittedly, I haven't dug into the code yet), but how does the tls.Server work atm then? The patch looks great, but I presume the tls implementation just keeps the data in process?
Right now, OpenSSL's built-in session cache is used, which is a somewhat limited in-memory store.
@bnoordhuis ah, makes sense. Why would it be disabled on
I'm really curious about this too.
bnoordhuis added a commit that referenced this issue Jun 15, 2013
Check that TLS session resumptions work with HTTPS servers. Regression test for #3901.
Session resume works with servers created with
If you start a TLS server via `tls.Server(...)`, session resume appears to work, which is also backed by this test: https://github.com/joyent/node/blob/master/test/simple/test-tls-client-resume.js#L65
However, resume is not supported when running via `https.createServer(...)`. As far as I can see, there are no extra options that can or should be enabled to make this work when using the https API. Is this intentional behavior, and if so why?
I'm testing via Qualys SSL Labs online scanner. Example node.js server (latest stable): https://www.ssllabs.com/ssltest/analyze.html?d=www.spdy.io
Running a plain `tls.Server` on the same host via the online scanner passes the resume tests.
Good article by one of the devs at Opera on the subject: http://my.opera.com/yngve/blog/2011/06/23/popular-but-sluggish-secure-server-popularity-might-not-be-the-reason
In other words, according to my estimates, if you disable session resume for a heavily trafficked, secure site it is very likely that you must install 5-50 times (or more, depending on site profile) the number of servers you would have needed if you had used session resume...
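The comments in this thread note that OpenSSL's built-in in-memory cache backs resumption and point to async session storage. As an added example (not code from the node repository or from the patch in #3661), here is a bounded, expiring session store wired to the `newSession` and `resumeSession` events that current Node.js documents for `tls.Server`, which `https.Server` inherits; `SessionStore`, `maxEntries` and `ttlMs` are names chosen for this example.

```javascript
// Added example: a bounded, expiring TLS session store for the
// 'newSession' / 'resumeSession' events of a Node.js tls.Server or https.Server.
// SessionStore, maxEntries and ttlMs are hypothetical names for this example.
class SessionStore {
  constructor({ maxEntries = 10000, ttlMs = 300000, now = Date.now } = {}) {
    this.maxEntries = maxEntries;
    this.ttlMs = ttlMs;
    this.now = now;            // injectable clock, so expiry can be tested
    this.entries = new Map();  // insertion order doubles as eviction order
  }

  put(sessionId, sessionData) {
    const key = sessionId.toString('hex');
    this.entries.delete(key); // re-storing an id moves it to the newest slot
    this.entries.set(key, { data: sessionData, expires: this.now() + this.ttlMs });
    // Evict the oldest entries so a flood of handshakes cannot grow memory without bound.
    while (this.entries.size > this.maxEntries) {
      this.entries.delete(this.entries.keys().next().value);
    }
  }

  get(sessionId) {
    const key = sessionId.toString('hex');
    const entry = this.entries.get(key);
    if (!entry) return null;
    if (entry.expires <= this.now()) {
      // Session state contains key material; never resume past its lifetime.
      this.entries.delete(key);
      return null;
    }
    return entry.data;
  }

  // Works with any server object that emits the tls.Server session events.
  attach(server) {
    server.on('newSession', (id, data, done) => { this.put(id, data); done(); });
    // A null result makes the server fall back to a full handshake.
    server.on('resumeSession', (id, done) => done(null, this.get(id)));
    return server;
  }
}

// Usage (needs a real key and certificate):
//   const server = new SessionStore().attach(https.createServer({ key, cert }, handler));
```

These events cover resumption by session identifier; session tickets are stateless and do not pass through the store.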