Make sure not to invalidate SSL sessions when closing with https_compatible=True #415

Open
njsmith opened this issue Jan 22, 2018 · 0 comments
Labels
TLS Relevant to our TLS/SSL implementation

njsmith commented Jan 22, 2018

Allegedly, if you use OpenSSL and close an SSL connection without sending or receiving a close-notify, then OpenSSL invalidates any negotiated session ticket. If true then this is annoying and bad. Future versions of Python might work around it, but possibly we should work around it first.

I believe this is easy: when we want to do an unclean shutdown, then tell our SSLObject to do a clean shutdown... and then throw away the bytes it gives us, instead of sending them. Gross hack, but it should work.

How do we test this? We already have a bunch of pyopenssl code for testing; maybe it gives some way to tell whether a session is successfully reused?

@oremanj oremanj added the TLS Relevant to our TLS/SSL implementation label May 4, 2019