Re: [jetty-users] SSL session resumption with Jetty 9

Hi,

On Mon, Oct 7, 2013 at 7:58 PM, Ben Summers <ben@xxxxxxxxxxxx> wrote:
>
> Hello,
>
> I'm using Jetty 9.0.6.v20130930 with Java 1.7.0_40, and SSL session resumption isn't working.
>
> If I do
>
>  openssl s_client -reconnect -connect hostname:443 | grep Session-ID
>
> then the session ID is not constant, and external SSL checking tools confirm session resumption doesn't work.
>
> I have tried calling setSessionCachingEnabled(true) on the SslContextFactory, but this has no effect (as it is the default anyway).
>
> Session resumption used to work with Jetty 7.
>
> I would be very grateful for any debugging tips.

So, resumption is supposed to work out of the box if SSLEngine is
created with the (host, port) pair, which we do.
One possible problem can be due to the fact that the "host" is
specified as an IP address, while the fully qualified name is needed, or
vice versa.
Usually, the server cannot reverse lookup the client, so on server
side it's almost always an IP address.

If you can debug, please verify what is being passed to SSLEngine in
SslContextFactory.newSSLEngine().

Also, does a comparison between SslContextFactory for 7 and 9 tell you anything?

-- 
Simone Bordet
----
http://cometd.org
http://webtide.com
http://intalio.com
Developer advice, training, services and support
from the Jetty & CometD experts.
Intalio, the modern way to build business applications.
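
A stricter form of the `openssl s_client -reconnect` check from the question, as an added example that is not part of the original thread: it counts s_client's per-handshake `New,` and `Reused,` lines as well as distinct Session-IDs. The function names and both sample transcripts are constructed for illustration, trimmed to the lines that matter.

```shell
#!/bin/sh
# Summarise `openssl s_client -reconnect` output read from stdin. s_client
# prints a "New, ..." or "Reused, ..." line for every handshake it completes.
resumption_report() {
    awk '
        /^New, /    { fresh++ }
        /^Reused, / { reused++ }
        # Exact field match keeps the "Session-ID-ctx:" line out of the count.
        $1 == "Session-ID:" {
            if ($2 != "" && !($2 in seen)) { seen[$2] = 1; distinct++ }
        }
        END {
            printf "handshakes=%d reused=%d distinct_ids=%d\n",
                   fresh + reused, reused, distinct
        }'
}

# Succeeds only if every handshake after the first one resumed a session.
resumption_ok() {
    report=$(resumption_report)
    handshakes=${report#handshakes=}; handshakes=${handshakes%% *}
    reused=${report#*reused=};        reused=${reused%% *}
    [ "$handshakes" -gt 1 ] && [ "$reused" -eq $((handshakes - 1)) ]
}

# Constructed transcript: the symptom described above (a new ID every time).
sample_broken() {
    cat <<'EOF'
New, TLSv1/SSLv3, Cipher is AES128-SHA
    Session-ID: AA01
New, TLSv1/SSLv3, Cipher is AES128-SHA
    Session-ID: BB02
New, TLSv1/SSLv3, Cipher is AES128-SHA
    Session-ID: CC03
EOF
}

# Constructed transcript: working resumption (one ID, later handshakes reused).
sample_working() {
    cat <<'EOF'
New, TLSv1/SSLv3, Cipher is AES128-SHA
    Session-ID: AA01
Reused, TLSv1/SSLv3, Cipher is AES128-SHA
    Session-ID: AA01
Reused, TLSv1/SSLv3, Cipher is AES128-SHA
    Session-ID: AA01
EOF
}
```

Against a live server, pipe the real output in: `openssl s_client -reconnect -connect hostname:443 </dev/null 2>/dev/null | resumption_report`.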

