Hi Antonio,

On 26/04/19 16:02, Antonio Quartulli wrote:
> Hi,
>
> On 26/04/2019 15:57, Jan Just Keijser wrote:
>> I'd look into the way session tickets are configured and used in
>> mbedtls, e.g. read up on
>> https://tls.mbed.org/discussions/generic/what-is-the-correct-way-to-use-session-tickets
>>
>> For OpenSSL, OpenVPN uses SSL_OP_NO_TICKET, i.e. no session tickets are
>> allowed. I don't know the mbedtls code base well enough, but as a start,
>> I'd make sure that mbedtls is also configured to NOT accept session
>> tickets.
> PUSH messages are exchanged on the control channel *after* the TLS
> handshake has completed, therefore I am not sure session tickets can
> play any role at that point, no?

Fully correct; however, my suspicion is that the mbedtls version does not see the reconnect as a new connection on the control channel, whereas the openssl version does - that could explain the difference in push logic. Most likely the openssl version also does not like to push messages if it "thinks" it is simply a TLS control channel session resumption.
And at any rate, it can't hurt to rule this one out ;)

JJK

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel