[gnutls-devel] GnuTLS | Server initiated TLS 1.2 rehandshake fails due to session tickets (#1421)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Fri Oct 28 11:31:53 CEST 2022



Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1421



When the client requests session ticket and has received a NewSessionTicket in the first handshake, the second handshake fails as it waits for NewSessionTicket while the server doesn't indicate sending it. Simple reproducer would be to configure Apache httpd with TLS 1.2 as the maximum protocol version and expose a protected resource as:
```
SSLProtocol all -SSLv3 -TLSv1.3

<Location /client>
        SSLRequire true
        SSLVerifyClient require
        # SSLVerifyDepth  10
        # SSLOptions +StdEnvVars
</Location>
```

and access the resource with gnutls-cli.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1421
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20221028/f64eb2ac/attachment.html>


More information about the Gnutls-devel mailing list