- Bug
- Resolution: Done
- P2: Important
- 5.11.0, 5.11.2, 5.12.0 Beta 4, 5.12.0 RC
- None
- 93a803a6de27d9eb57931c431b5f3d074914f693 (qt/qtbase/5.12)
Since OpenSSL 1.1.0 it is not possible to resume a TLS session with "session id" or "session tickets". The same build works with OpenSSL 1.0.2.
Qt already pushes the stored session to OpenSSL. But it will "ignore" it and do a full handshake.
Looks like Qt has a similar problem to Python?
https://github.com/openssl/openssl/issues/1550
If we add a dirty hack to OpenSSL it will work again.
--- x/openssl/ssl/ssl_sess.c
+++ y/openssl/ssl/ssl_sess.c
@@ -1126,7 +1126,7 @@
if ((s->session != NULL) &&
!(s->shutdown & SSL_SENT_SHUTDOWN) &&
!(SSL_in_init(s) || SSL_in_before(s))) {
- SSL_CTX_remove_session(s->session_ctx, s->session);
+ //SSL_CTX_remove_session(s->session_ctx, s->session);
return 1;
} else
return 0;
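Review bot: Commenting out SSL_CTX_remove_session(s->session_ctx, s->session) inside the if leaves the function returning 1 while the session stays in the session_ctx cache, so any session on a connection that finished its handshake without SSL_SENT_SHUTDOWN being set remains resumable. That drops the check for every caller of the patched library, not only Qt, and the // line leaves dead code behind. Treat this as a diagnostic confirming that the missing SSL_SENT_SHUTDOWN flag is what invalidates the session; the fix belongs on the calling side, by making sure shutdown has been sent on the connection before its session is cleared or reused.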
Seems OpenSSL does not like the given session and marks it as a "bad session"?
https://github.com/openssl/openssl/commit/e70656cf1c9e886344913444fe2f3a0b7d3721a9 ???