I've got a bug report that my MTA fails from time to time during the
TLS handshake with the following error:
4476:error:140D9115:SSL routines:SSL_GET_PREV_SESSION:session id context uninitialized:ssl_sess.c:413
(OpenSSL 0.9.8m and 1.0.0.Beta5)
The MTA tries to turn off the session cache using
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF),
however, that does not seem to be sufficient.
I looked at the OpenSSL source code:
ssl_get_prev_session()
and according to my reading and some debug output that I added
it seems it is not obeying the SSL_SESS_CACHE_OFF setting.
After tls1_process_ticket() I get:
ssl_get_prev_session, tlsext, r=1, mode=0
then
if((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0)
is taken:
ssl_get_prev_session, mode=1, VRFY=1
and the invocation fails:
8288:error:140D9115:SSL routines:SSL_GET_PREV_SESSION:session id context uninitialized:ssl_sess.c:535
Should SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF)
be sufficient to turn off the session cache? It seems more is
necessary, e.g., SSL_CTX_set_session_id_context() at least?
If so, can that be documented please?
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List
Automated List Manager