wolfSSL - Embedded SSL Library → Posts by razvi.david
Hey,
Tried release 5.6.4 and the issue persists.
Shall I send an email, or open a GitHub issue?
Hello,
The production configuration CLI is:
./configure --disable-tls13 --enable-singlethread --enable-curve25519 --enable-ed25519 --enable-sp --enable-sp-asm --enable-staticmemory --enable-sni --enable-alpn --disable-harden --enable-session-ticket --enable-bigcache --enable-supportedcurves --disable-oldtls --enable-aesni --enable-intelasm --disable-shared --enable-static --enable-fasthugemath CFLAGS="-O3 -march=native -DWC_NO_HARDEN -DSINGLE_THREADED"
We get the same error with a simplified version:
./configure --enable-session-ticket --enable-static --disable-shared --enable-sni --enable-alpn
The output log is:
https://pastebin.com/raw/DciAZeYM
Thanks for helping!
Hello,
I use WolfSSL to listen to websocket streams over TLS.
The server is not restarted, and this is an edge case in which the server simply ignores the ticket. In general, I use tickets successfully.
As I said, I'm getting error -373 (and as you can see in the pcap, a client alert is sent) when the server unexpectedly ignores the ticket and initiates another handshake.
Firstly, a TLS 1.2 session ticket is requested and acquired from the server. The connection is then gracefully completed.
About a second later, a new connection is established and the use of the session ticket is attempted. A client hello is sent to the server with the ticket, but the server instead initiates a new key exchange. This is the moment in which WolfSSL errors out with -373, and the connection is terminated. I have attached 2 pcap files: one in which the session ticket is obtained, and one with the session ticket use attempt that errors out.
I have 2 questions:
1. Is the server breaking the protocol? I tried OpenSSL cli and the 2nd connection does succeed, even though the ticket is not reused.
2. Is there any option to instruct the library to continue using the connection, even though the session ticket we sent was ignored?
Thank you.
Edit: Cannot attach files, here is link: https://drive.google.com/file/d/1E0Hvdc … sp=sharing
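The two outcomes described in the post above (ticket accepted, or the server starting a new key exchange) show up as different server first flights in a capture. The following C sketch is an added example, not part of the original post and not wolfSSL code, that classifies that flight from raw TLS 1.2 record bytes. The function name, enum names and sample flights are hypothetical; the sample bytes are constructed with dummy message bodies.

```c
#include <stddef.h>
#include <stdint.h>

/* TLS 1.2 record content types and handshake message types (RFC 5246, RFC 5077). */
enum { REC_CCS = 20, REC_HANDSHAKE = 22 };
enum { HS_SERVER_HELLO = 2, HS_NEW_SESSION_TICKET = 4, HS_CERTIFICATE = 11,
       HS_SERVER_KEY_EXCHANGE = 12, HS_SERVER_HELLO_DONE = 14 };
typedef enum { FLIGHT_MALFORMED, FLIGHT_RESUMED, FLIGHT_FULL } flight_t;

/* Classify the server's first flight after a ClientHello that carried a ticket.
 * RFC 5077 lets a server that does not honor a ticket fall back to a full handshake.
 * Assumption: each handshake message fits inside one record (no fragmentation). */
flight_t classify_server_flight(const uint8_t *buf, size_t len)
{
    int seen_hello = 0;
    size_t off = 0;
    while (len - off >= 5) {
        uint8_t type = buf[off];
        size_t rlen = ((size_t)buf[off + 3] << 8) | buf[off + 4];
        off += 5;
        if (rlen > len - off) return FLIGHT_MALFORMED;      /* truncated record */
        /* ChangeCipherSpec right after ServerHello: abbreviated handshake. */
        if (type == REC_CCS) return seen_hello ? FLIGHT_RESUMED : FLIGHT_MALFORMED;
        if (type != REC_HANDSHAKE) return FLIGHT_MALFORMED;
        size_t end = off + rlen;
        while (end - off >= 4) {
            uint8_t hs = buf[off];
            size_t hlen = ((size_t)buf[off + 1] << 16) |
                          ((size_t)buf[off + 2] << 8) | buf[off + 3];
            off += 4;
            if (hlen > end - off) return FLIGHT_MALFORMED;  /* truncated message */
            if (!seen_hello && hs != HS_SERVER_HELLO) return FLIGHT_MALFORMED;
            if (seen_hello && hs != HS_NEW_SESSION_TICKET)  /* ticket not accepted */
                return (hs == HS_CERTIFICATE || hs == HS_SERVER_KEY_EXCHANGE ||
                        hs == HS_SERVER_HELLO_DONE) ? FLIGHT_FULL : FLIGHT_MALFORMED;
            seen_hello = 1;
            off += hlen;
        }
        if (off != end) return FLIGHT_MALFORMED;            /* stray bytes in record */
    }
    return FLIGHT_MALFORMED;                                /* no verdict reached */
}

/* Constructed sample flights; message bodies are dummy bytes, not captured traffic. */
const uint8_t SAMPLE_RESUMED[] = {
    22, 3, 3, 0, 6, HS_SERVER_HELLO, 0, 0, 2, 0xAA, 0xBB,
    22, 3, 3, 0, 5, HS_NEW_SESSION_TICKET, 0, 0, 1, 0xCC,
    20, 3, 3, 0, 1, 1 };
const uint8_t SAMPLE_FULL[] = {
    22, 3, 3, 0, 11, HS_SERVER_HELLO, 0, 0, 2, 0xAA, 0xBB, HS_CERTIFICATE, 0, 0, 1, 0xDD };
```

Feeding it the server-to-client bytes of the second connection shows whether the capture contains a resumed session or a full-handshake fallback.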