SSL_session_reused apiThis is a discussion on SSL_session_reused api within the Openssl forums, part of the Tools category; Hi All I have been using this API to dump in my statistics logs whether the SSL session is reused or not in a windows openSSL based client. Everything was ... | ||||||||
| ||||||||
| Unix Content | Register | FAQ | Calendar | Search | Today's Posts | Mark Forums Read |
|
#1
08-19-2008, 11:45 AM
|
 SSL_session_reused api Hi All I have been using this API to dump in my statistics logs whether the SSL session is reused or not in a windows openSSL based client. Everything was good till i was using 9.7e. The session reuse works fine and the logs were correctly showing session reused as 1 and sniffer traces reconfirms that indeed my client reuses the SSL session.. But once I upgraded the Openssl libeay32.dll and ssleay32.dll to 9.8b the session is still getting reused as per sniffer traces (i checked the 32 byte session Id in client hello and server hello and they match). but the return value of SSL_session_reused API returns session reused as one. With same client code, once I revert back to old OpenSSL APIs, the session reused is indicated as 1 and thus good. Thus surely either I am using some old (obsolete) API that shouldn't be used or there is some issues introduced in between 9.7e and 9.8b. In case anyone else face same issue or know any other API that should be used or any other pointers please revert back.. Thanks in advance regards Krishna  |
|
#2
08-19-2008, 11:48 AM
|
| SSL_session_reused api Hi All I have been using this API to dump in my statistics logs whether the SSL session is reused or not in a windows openSSL based client. Everything was good till i was using 9.7e. The session reuse works fine and the logs were correctly showing session reused as 1 and sniffer traces reconfirms that indeed my client reuses the SSL session.. But once I upgraded the Openssl libeay32.dll and ssleay32.dll to 9.8b the session is still getting reused as per sniffer traces (i checked the 32 byte session Id in client hello and server hello and they match). but the return value of SSL_session_reused API returns session reused as one. With same client code, once I revert back to old OpenSSL APIs, the session reused is indicated as 1 and thus good. Thus surely either I am using some old (obsolete) API that shouldn't be used or there is some issues introduced in between 9.7e and 9.8b. In case anyone else face same issue or know any other API that should be used or any other pointers please revert back.. Thanks in advance regards Krishna __________________________________________________ ____________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majordomo@openssl.org |
|
#3
08-26-2008, 04:30 PM
|
| SSL_session_reused api Hi All I have been using this API to dump in my statistics logs whether the SSL session is reused or not in a windows openSSL based client. Everything was good till i was using 9.7e. The session reuse works fine and the logs were correctly showing session reused as 1 and sniffer traces reconfirms that indeed my client reuses the SSL session.. But once I upgraded the Openssl libeay32.dll and ssleay32.dll to 9.8b the session is still getting reused as per sniffer traces (i checked the 32 byte session Id in client hello and server hello and they match). but the return value of SSL_session_reused API returns session reused as one. With same client code, once I revert back to old OpenSSL APIs, the session reused is indicated as 1 and thus good. Thus surely either I am using some old (obsolete) API that shouldn't be used or there is some issues introduced in between 9.7e and 9.8b. In case anyone else face same issue or know any other API that should be used or any other pointers please revert back.. Thanks in advance regards Krishna PS: Sorry for sending again to the group.. __________________________________________________ ____________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majordomo@openssl.org |
|
#4
09-08-2008, 07:09 AM
|
| Re: SSL_session_reused api Krishna M Singh wrote: > Hi All > > I have been using this API to dump in my statistics logs whether the > SSL session is reused or not in a windows openSSL based client. > Everything was good till i was using 9.7e. The session reuse works > fine and the logs were correctly showing session reused as 1 and > sniffer traces reconfirms that indeed my client reuses the SSL > session.. > > But once I upgraded the Openssl libeay32.dll and ssleay32.dll to 9.8b > the session is still getting reused as per sniffer traces (i checked > the 32 byte session Id in client hello and server hello and they > match). but the return value of SSL_session_reused API returns session > reused as one. With same client code, once I revert back to old > OpenSSL APIs, the session reused is indicated as 1 and thus good. Thus > surely either I am using some old (obsolete) API that shouldn't be > used or there is some issues introduced in between 9.7e and 9.8b. > Please allow me to clarify: according to your statement the function returns "one" in one case and "1" in the other? Probably you meant something different??? Best regards, Lutz __________________________________________________ ____________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majordomo@openssl.org |
|
#5
09-17-2008, 05:18 AM
|
| Re: SSL_session_reused api Thanks Lutz for pointing out the problem in my post. What i meant is SSL_session_reused returns 0 always when we see in 9.8b even when the SSL session is reused as per the sniffer traces. But if we try 0.97e SSL_session_reused returns 0 or 1 correctly based on whether the SSL session is reused or not.. Has anyone able to report correctly the session reuse status using this API (or other API if any) in 0.9.8b release ?? thanks Krishna On Sep 8, 4:09 pm, l...@lutz-jaenicke.de (Lutz Jaenicke) wrote: > Krishna M Singh wrote: > > Hi All > > > I have been using this API to dump in my statistics logs whether the > > SSL session is reused or not in a windows openSSL based client. > > Everything was good till i was using 9.7e. The session reuse works > > fine and the logs were correctly showing session reused as 1 and > > sniffer traces reconfirms that indeed my client reuses the SSL > > session.. > > > But once I upgraded the Openssl libeay32.dll and ssleay32.dll to 9.8b > > the session is still getting reused as per sniffer traces (i checked > > the 32 byte session Id in client hello and server hello and they > > match). but the return value of SSL_session_reused API returns session > > reused as one. With same client code, once I revert back to old > > OpenSSL APIs, the session reused is indicated as 1 and thus good. Thus > > surely either I am using some old (obsolete) API that shouldn't be > > used or there is some issues introduced in between 9.7e and 9.8b. > > Please allow me to clarify: according to your statement the > function returns "one" in one case and "1" in the other? > Probably you meant something different??? > > Best regards, > Lutz > __________________________________________________ ____________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-us...@openssl.org > Automated List Manager majord...@openssl.org |
