Thanks , the -no_ticket option worked , now i am able to see the session id.
Thanks Anil On Tue, May 5, 2009 at 9:10 PM, Dr. Stephen Henson <st...@openssl.org>wrote: > On Tue, May 05, 2009, Anil Tambe wrote: > > > Hi, > > > > Below are the steps to reproduce the issue with openssl 0.9.8k > > > > Server :: > > > > ./openssl s_server -cert server.pem > > > > > > Client :: > > > > ./openssl s_client -debug -msg -state -sess_out /tmp/session.out > > > > In the above case when we write the session to session.out , the output > > shows the session id : > > > > >> Abstract from output > > > > SSL-Session: > > > > Protocol : TLSv1 > > > > Cipher : DHE-RSA-AES256-SHA > > > > Session-ID: > > C4AE767399AF791146D7384B70E2F7949C9FF555BD1BA26A2CE59BECD6ED017F > > > > Session-ID-ctx: > > > > Master-Key: > > > D2F2CE13F3AD4552E23D8B042DC3AB92322A0E778375C1047D090A9DEA63C343D2558F6B6DDBD1611F326FE5E3AA5774 > > > > > > > > Now when we try to read from session.out , the session id is empty .. > > > > ./openssl s_client -debug -msg -state -sess_in /tmp/session.out > > > > >> Abstract from output > > > > SSL-Session: > > > > Protocol : TLSv1 > > > > Cipher : DHE-RSA-AES256-SHA > > > > Session-ID: > > > > Session-ID-ctx: > > > > Master-Key: > > > FCBF8B9102F1BD020FA0969EE6243F62F7C700F6B701B6A19C4CD57F5BFF0E2FA58B96846EC64FD25FF901C12489362D > > > > Key-Arg : None > > > > > > The above behavior ( empty session id ) is found with i.e openssl > 0.9.8j > > and openssl 0.9.8k. i verified with other version 0.9.8g , 0.9.8h , > 0.9.8i > > works fine. > > > > It seems server side is not sending the session id as part of the initial > > hello, and as a result, the session caching is not working. When there is > no > > session id, client simply discards that session and not cache it. > > > > Does anybody encounter the issue previously , any thoughts ? > > > > The versions of OpenSSL you mention support stateless session resumption > for > which no server side session cache is needed and the session ID is empty. > > If the server doesn't support stateless session resumption then normal > stateful sessions are used as before. > > If you want to force stateful sessions use the -no_ticket option. > > Steve. > -- > Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage > OpenSSL project core developer and freelance consultant. > Homepage: http://www.drh-consultancy.demon.co.uk > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
