[PATCH] session ticket support
Nikos Mavrogiannopoulos
nmav at gnutls.org
Sun Jul 26 15:00:53 CEST 2009
Daiki Ueno wrote:
>>>>>> In <4A6ACB0A.4030801 at gnutls.org>
>>>>>> Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
>>>> - Have you checked this implementation against others?
>>> Not yet. I'll check it against OpenSSL this weekend.
>
>> Do you have any updates on that?
>
> Yes - but there are some issues. I have tested with modified
> gnutls-cli/gnutl-serv capable of session ticket handling.
>
> The combination of OpenSSL s_client and gnutls-serv seems OK, but
> gnutls-cli and s_server cannot continue handshake. I'm now
> investigating what is going on. Anyway, I attach the log files of:
>
> $ openssl s_server -accept 10000 -CAfile x509-ca.pem \
> -key x509-server-key.pem -cert x509-server.pem -msg >& s_server.log
Probably you have tried already but I would suggest -tlsextdebug -state
instead of -msg... The actual messages might be easier to see using
wireshark.
> $ gnutls-cli --debug 10 -p 10000 --resume localhost >& gnutls-cli.log
If I am correctly checking the log, It seems from the capture that
openssl doesn't send the NewSessionTicket on subsequent handshakes.
Could it be this the reason that gnutls-cli fails?
regards,
Nikos
More information about the Gnutls-devel
mailing list