1 Topic by cxdinter (edited by cxdinter 2017-08-24 22:06:24)

  • Registered: 2016-08-14
  • Posts: 47

Topic: [SOLVED] Question about SSL session resume tomeout

Hi,
   I used wolfSSL library to create a TLS server on our radio, then this server can communicate with one APP (allocated on a mobile phone ) through TLS1.2 . But, if user didn't operate APP for long time (maybe over 1 miniute), then operate APP again, the TLS communication will disconnect. Because client APP want to resume current SSL session ID, but server request full TLS  1.2 handshake process(request/send certificate..etc.) instead of sending ChangeCypher directly.

  I guess maybe the disconnect is caused by session timeout? is there any default value used to set as session timeout?
  And what's the difference between ssl->timeout and ssl->session->timeout ?

  Thank you in advance.

Share

2 Reply by cxdinter (edited by cxdinter 2017-08-25 00:19:03)

  • Registered: 2016-08-14
  • Posts: 47

Re: [SOLVED] Question about SSL session resume tomeout

Sorry, I know the root cause. Becuase I defined NO_SESSION_CACHE macro in user_settings.h.

But there are still one problem : even I used NO_SESSION_CACHE, why the sever still send the old session ID during serverHello?? (I used an old wolfSSL version v3.9.10)

Share

  • From: Bozeman, MT
  • Registered: 2010-10-20
  • Posts: 650

Re: [SOLVED] Question about SSL session resume tomeout

Hi cxdinter,

This behavior was fixed starting with release 3.11.0 (released 5/4/2017), and is fixed in all subsequent versions.  Are you able to share what company/product you are working with?

Thanks,
Chris

https://www.wolfssl.com

chrisc's Website

Share

  • Registered: 2016-08-14
  • Posts: 47

Re: [SOLVED] Question about SSL session resume tomeout

chrisc wrote:

Hi cxdinter,

This behavior was fixed starting with release 3.11.0 (released 5/4/2017), and is fixed in all subsequent versions.  Are you able to share what company/product you are working with?

Thanks,
Chris

Hi Chris,
    Thanks, I got it.
    Actually, we already baught commercial license from wolfSSL. And your collegue Rich also sent commercial version V3.11.0 to us. For this topic, I just used the old open source version for testing. We will not use open source version in production level release.

    Our company name is Yanfeng Visteon Electronics Technology (Shanghai) Co., Ltd.

    Please close this topic, thank you.

Share