[TLS] Re: when is it ok to resume a cached SSL/TLS session
Eric Rescorla <ekr@networkresonance.com> Mon, 15 January 2007 15:38 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1H6TuV-0004py-TD; Mon, 15 Jan 2007 10:38:11 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1H6TuU-0004pt-PD for tls@ietf.org; Mon, 15 Jan 2007 10:38:10 -0500
Received: from laser.networkresonance.com ([198.144.196.2]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1H6TuR-0006Yo-Co for tls@ietf.org; Mon, 15 Jan 2007 10:38:10 -0500
Received: from networkresonance.com (raman.networkresonance.com [198.144.196.3]) by laser.networkresonance.com (Postfix) with ESMTP id A77285C01E; Mon, 15 Jan 2007 07:46:00 -0800 (PST)
To: martin.rex@sap.com
In-reply-to: Your message of "Mon, 15 Jan 2007 15:01:56 +0100." <200701151401.PAA27837@uw1048.wdf.sap.corp>
X-Mailer: MH-E 7.4.3; nmh 1.2; XEmacs 21.4 (patch 19)
Date: Mon, 15 Jan 2007 07:38:04 -0800
From: Eric Rescorla <ekr@networkresonance.com>
Message-Id: <20070115154600.A77285C01E@laser.networkresonance.com>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 082a9cbf4d599f360ac7f815372a6a15
Cc: tls@ietf.org
Subject: [TLS] Re: when is it ok to resume a cached SSL/TLS session
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
Martin Rex <martin.rex@sap.com> wrote: > Eric Rescorla wrote: > > > > Yes, it's discussed extensively in the SBR04 paper on Client-Side > > Session Caching. > > > > Shacham, H., Boneh, D., and E. Rescorla, "Client-side > > caching for TLS", Transactions on Information and System > > Security (TISSEC) , Volume 7, Issue 4, November 2004. > > Since you didn't include an URL, I assume this isn't available online > anwhere. No, I just forgot. http://www.hovav.net/dist/sslex.pdf > We have just been reported by one of our customers what I consider > a bug in the client side SSL/TLS session cache of a popular Browser, > failing on a flawed assumption. > > Scenario: A host running two seperate SSL/TLS secured services > (a J2EE- and a C/C++-built serice) on different TCP-Ports using > seperate SSL/TLS (one is pure Java, the other pure C) implementations > that differ in the highest supported protocol version. > > The Service with the newer implementation is the "main service" > or entry point, and it sometimes generates URLs > referencing the other service (same host, different TCP-Port) > with the older SSL/TLS implementation. > > > The problem: The popular browser, when trying to access the older > SSL/TLS implementation on a different TCP-Port is sending a > session ID from the newer SSL/TLS implementation, apparently trying > to resume an existing SSL session in the client-side session cache. > > The server doesn't recognize that session and replies with > a Server Hello containing his highest protocol version, plus > plus server certificate message plus client cert request plus > server hello done. The popular Web Browser closes the network > connection without sending any kind of SSL alert and shows > "Page cannot be displayed" to the user. > > > I firmly believe that this is a conceptual flaw on the client > side, making a flawed assumption about when a cached SSL session > can be expected to be resumable. ISTM that there are two issues here: 1. Whether the client should have offered asession ID. 2. Whether it should have choked when the server refused. Without taking a position on the first, which I think is tricky, the client should definitely not have choked. Servers can always refuse to accept a resumption. -Ekr _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] Question on Stateless TLS Session Resumption Narayanan, Vidya
- Re: [TLS] Question on Stateless TLS Session Resum… Eric Rescorla
- Re: [TLS] Question on Stateless TLS Session Resum… Lakshminath Dondeti
- Re: [TLS] Question on Stateless TLS Session Resum… Eric Rescorla
- Re: [TLS] Question on Stateless TLS Session Resum… Lakshminath Dondeti
- Re: [TLS] Question on Stateless TLS Session Resum… Eric Rescorla
- Re: [TLS] Question on Stateless TLS Session Resum… Lakshminath Dondeti
- [TLS] when is it ok to resume a cached SSL/TLS se… Martin Rex
- [TLS] when is it ok to resume a cached SSL/TLS se… Martin Rex
- [TLS] Re: when is it ok to resume a cached SSL/TL… Eric Rescorla
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Eric Rescorla
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Eric Rescorla
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Eric Rescorla
- Re: [TLS] Re: when is it ok to resume a cached SS… Martin Rex
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Eric Rescorla
- Re: [TLS] Re: when is it ok to resume a cached SS… Martin Rex
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Kyle Hamilton
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Martin Rex
- RE: [TLS] Question on Stateless TLS Session Resum… Narayanan, Vidya
- Re: [TLS] when is it ok to resume a cached SSL/TL… Martin Rex