SSL_CTX_set_timeout does not work properly

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

SSL_CTX_set_timeout does not work properly

Devang Kubavat

Hi,

I am using Ticket based Session Resumption in my application. I need to control ‘timeout of the session’. So as per the document I can set the timeout of the session using SSL_CTX_set_timeout(SSL_CTX *ctx, long t);

 

I used SSL_CTX_set_timeout(ctx, 500);

I am able to resume the session up to 500 seconds and after 500 seconds, the session fails to resume which is as expected.

 

But when I set t=0 in SSL_CTX_set_timeout(ctx,0), I am getting different behavior.

Session is resumed up to 7200 seconds. Wireshark log shows Ticket Lifetime Hint: 7200 seconds.

 

According to me the session should not resume. Can anyone please help me why it is behaving like this.

Best Regards,
Devang


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: SSL_CTX_set_timeout does not work properly

Viktor Dukhovni
On Wed, Feb 01, 2017 at 11:26:30AM +0000, Devang Kubavat wrote:

> But when I set t=0 in SSL_CTX_set_timeout(ctx,0), I am getting different behavior.
> Session is resumed up to 7200 seconds. Wireshark log shows Ticket Lifetime Hint: 7200 seconds.

Instead of setting a zero-timeout, just disable session resumption:

    SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET);
    SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);

--
        Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Loading...