Various debugging info not shown (

Alex
October 27, 2013 11:06AM
Hi Maxim,

Good question. I have been debugging an SSL configuration for some time,
and one of the things I've been testing for is the renewal of session
tickets. I used a thin client for that purpose:
https://github.com/grooverdan/rfc5077

Anyhow, according to the test, session renewal appears to work as intended:

./gnutls-client -r -d 10 mysite 443

[✔] Parse arguments.
[✔] Initialize GNU TLS library.
[✔] Solve mysite:443:
│ Will connect to myip
[✔] Initialize TLS session.
[✔] Enable use of session tickets (RFC 5077).
[✔] Connect to mysite:443.
[✔] Start TLS renegotiation.
[✔] Check if session was reused:
│ SSL session was not used
[✔] Get current session:
│ Session context:
│ Protocol : TLS1.2
│ Cipher : AES-256-CBC
│ Kx : DHE-RSA
│ Compression : NULL
│ PSK : (null)
│ ID : D18B216F82B277FCA97B95E35E91A323F922873483FD02FB025FE94106CB50C3
[✔] Send HTTP GET.
[✔] Get HTTP answer:
│ HTTP/1.1 301 Moved Permanently
[✔] End TLS connection.
[✔] waiting 10 seconds.
[✔] Initialize TLS session.
[✔] Enable use of session tickets (RFC 5077).
[✔] Copy old session.
[✔] Connect to mysite:443.
[✔] Start TLS renegotiation.
[✔] Check if session was reused:
│ SSL session correctly reused
[✔] Get current session:
│ Session context:
│ Protocol : TLS1.2
│ Cipher : AES-256-CBC
│ Kx : DHE-RSA
│ Compression : NULL
│ PSK : (null)
│ ID : D18B216F82B277FCA97B95E35E91A323F922873483FD02FB025FE94106CB50C3
[✔] Send HTTP GET.
[✔] Get HTTP answer:
│ HTTP/1.1 301 Moved Permanently
[✔] End TLS connection.

So I thought when I enable full debugging, I'd see the relevant debug
information in the error log, such as ssl new session / ssl get session
from ngx_event_openssl.c - of which nothing is shown however.

FWIW, the reason why I am actually trying to debug this is because for
some reason, when I choose a larger delay between the two test
renegotiations, instead of 10s, let's say 3600s, then the previous
session would not get reused - despite the fact that in my nginx site
config, I set a very large session timeout (1680m).

Cheers,
Alex

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx