Hi,
Below are the steps to reproduce the issue with openssl 0.9.8k.
Server:
./openssl s_server -cert server.pem
Client:
./openssl s_client -debug -msg -state -sess_out /tmp/session.out
In the above case, when we write the session to session.out, the output
shows the session id:
>> Excerpt from output
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: C4AE767399AF791146D7384B70E2F7949C9FF555BD1BA26A2CE59BECD6ED017F
Session-ID-ctx:
Master-Key: D2F2CE13F3AD4552E23D8B042DC3AB92322A0E778375C1047D090A9DEA63C343D2558F6B6DDBD1611F326FE5E3AA5774
Now when we try to read from session.out, the session id is empty:
./openssl s_client -debug -msg -state -sess_in /tmp/session.out
>> Excerpt from output
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID:
Session-ID-ctx:
Master-Key: FCBF8B9102F1BD020FA0969EE6243F62F7C700F6B701B6A19C4CD57F5BFF0E2FA58B96846EC64FD25FF901C12489362D
Key-Arg : None
The above behavior (empty session id) is found with openssl 0.9.8j
and openssl 0.9.8k. I verified that other versions (0.9.8g, 0.9.8h, 0.9.8i)
work fine.
It seems the server side is not sending the session id as part of the initial
hello, and as a result, session caching is not working. When there is no
session id, the client simply discards that session and does not cache it.
Has anybody encountered this issue previously? Any thoughts?
Thanks
Anil
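
Added example (not part of the original post): a shell helper that reads the SSL-Session block from two s_client captures and reports whether the second connection resumed the first, relying on the fact that a resumed session keeps the same master key. The function names session_field and resumption_status are hypothetical, and the two captures are constructed with shortened hex values.

```shell
#!/bin/sh
# Added example: decide from two s_client captures whether the second
# connection resumed the first. Field names follow the SSL-Session block.

# session_field NAME TEXT -> value of NAME inside the SSL-Session block.
# Also accepts a value wrapped onto the following line, as in pasted mail.
session_field() {
    printf '%s\n' "$2" | awk -v key="$1" '
        /^SSL-Session:/ { in_block = 1; next }
        !in_block { next }
        { line = $0; gsub(/^[ \t]+|[ \t\r]+$/, "", line) }
        pending { if (line ~ /^[0-9A-Fa-f]+$/) print line; exit }
        {
            pos = index(line, ":")
            if (pos == 0) next
            name = substr(line, 1, pos - 1); sub(/[ \t]+$/, "", name)
            if (name != key) next
            val = substr(line, pos + 1); gsub(/[ \t]/, "", val)
            if (val != "") { print val; exit }
            pending = 1          # value may be on the next line
        }'
}

# resumption_status FIRST_CAPTURE SECOND_CAPTURE
# A resumed session reuses the master key; a differing key means a full handshake.
resumption_status() {
    mk_out=$(session_field Master-Key "$1")
    mk_in=$(session_field Master-Key "$2")
    id_in=$(session_field Session-ID "$2")
    if [ -n "$mk_in" ] && [ "$mk_in" = "$mk_out" ]; then
        echo "resumed"
    elif [ -z "$id_in" ]; then
        echo "full-handshake (empty Session-ID)"
    else
        echo "full-handshake (new Session-ID $id_in)"
    fi
}

# Constructed captures (shortened hex), shaped like the output in the post.
FIRST='SSL-Session:
    Protocol  : TLSv1
    Session-ID: C4AE76
    Session-ID-ctx:
    Master-Key: D2F2CE'
SECOND='SSL-Session:
    Protocol  : TLSv1
    Session-ID:
    Session-ID-ctx:
    Master-Key: FCBF8B'
resumption_status "$FIRST" "$SECOND"
```
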