Thursday, July 30, 2020

Re: Recent regression in SSL session reuse

On 07/30 08:06, Theo Buehler wrote:
> On Wed, Jul 29, 2020 at 02:57:33PM -0700, Jeremy Evans wrote:
> > After an OpenBSD upgrade, one of Ruby's tests for SSL session
> > reuse started to fail. After some debugging, I have found that
> > if a maximum SSL version is not set by a client, then session
> > reuse does not work. Setting a minimum version does not have
> > an effect.
>
> This is an expected side-effect of switching TLS_method() to default to
> TLSv1.3
>
> https://github.com/openbsd/src/commit/94149d15d762bdbf7eef74c417c53d2b8dc7dd12
>
> By setting the max version to TLSv1 with :TLS1 (or any of the other
> defined versions :TLS1_1 or :TLS1_2), you use the legacy stack which
> supports session resumption. The minimum version is already TLSv1, so
> setting the minimum version to :TLSv1 has no effect.
>
> In TLSv1.3, the session resumption feature has been merged with
> pre-shared keys, which we may eventually support, but that's not going
> to happen very soon:
>
> https://tools.ietf.org/html/rfc8446#page-15

Theo,

Thank you very much for the information. I'll try to get a change
committed upstream now that I know the behavior is expected.

Thanks,
Jeremy
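As an added example (not from this thread or from Ruby's own test suite), the check below reproduces in Ruby what the failing session-reuse test exercises: two connections to a loopback server where the second offers the first one's session, with an optional `max_version` pin selecting the pre-1.3 stack. The self-signed certificate and the `session_resumed?` helper are constructed for this demo; the result with `nil` depends on which TLS library Ruby is linked against, which is the behaviour the thread describes.

```ruby
require "openssl"
require "socket"

# Constructed self-signed certificate/key for a loopback-only demonstration.
def make_cert_and_key
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=localhost")
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

# Opens two TLS connections to a local server; the second one offers the first
# one's session. Returns true if that second handshake was resumed. max_version
# (e.g. :TLS1_2) pins both sides below TLS 1.3; nil leaves the library default.
def session_resumed?(max_version)
  cert, key = make_cert_and_key
  sctx = OpenSSL::SSL::SSLContext.new
  sctx.cert, sctx.key = cert, key
  sctx.max_version = max_version if max_version
  tcp = TCPServer.new("127.0.0.1", 0)
  server = OpenSSL::SSL::SSLServer.new(tcp, sctx)
  worker = Thread.new { 2.times { s = server.accept; s.gets; s.puts("ok"); s.close } }
  cctx = OpenSSL::SSL::SSLContext.new
  cctx.verify_mode = OpenSSL::SSL::VERIFY_NONE # demo cert is self-signed
  cctx.max_version = max_version if max_version
  saved, reused = nil, false
  2.times do |i|
    ssl = OpenSSL::SSL::SSLSocket.new(TCPSocket.new("127.0.0.1", tcp.addr[1]), cctx)
    ssl.sync_close = true
    ssl.session = saved if saved      # offer the previous session for reuse
    ssl.connect
    ssl.puts("hi"); ssl.gets          # one application-data round trip
    reused = ssl.session_reused? if i == 1
    saved = ssl.session
    ssl.close
  end
  worker.join
  server.close
  reused
end

if __FILE__ == $0
  puts "max_version :TLS1_2 -> resumed: #{session_resumed?(:TLS1_2)}"
  puts "library default     -> resumed: #{session_resumed?(nil)}"
end
```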
