[Bug 59811] New: TLS Session ID not available if session tickets are used

bugzilla Wed, 06 Jul 2016 08:12:16 -0700

https://bz.apache.org/bugzilla/show_bug.cgi?id=59811


            Bug ID: 59811
           Summary: TLS Session ID not available if session tickets are
                    used
           Product: Tomcat Native
           Version: 1.2.9
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Library
          Assignee: dev@tomcat.apache.org
          Reporter: ma...@apache.org

First reported on StackOverflow:
http://stackoverflow.com/questions/38178536/tomcat-ssl-illegalstateexception-ssl-session-id-not-available

The current implementation of SSL.getSessionId() returns null if the session ID
length is zero. If session tickets are used, OpenSSL sets the length to zero.

The null session Id results in an ISE:

java.lang.IllegalStateException: SSL session ID not available
 at
org.apache.tomcat.util.net.openssl.OpenSSLEngine$OpenSSLSession.getId(OpenSSLEngine.java:1048)
 at
org.apache.tomcat.util.net.jsse.JSSESupport.getSessionId(JSSESupport.java:156)

etc.

We need to see if we can get the current session Id from tie ticket. If not,
the ISE needs to be removed.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59811] New: TLS Session ID not available if session tickets are used

Reply via email to