[Twisted-Python] Fwd: Trouble with session id reuse/disabling with twisted TLS

Henrik Thostrup Jensen thostrup at gmail.com
Wed Apr 30 15:16:23 MDT 2014


Hi

On 30 April 2014 19:26, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
>
> https://twistedmatrix.com/documents/12.0.0/core/howto/ssl.html#auto2
>
> ...seems to work fine for me on both Twisted 12.1.0 / pyOpenSSL 0.13.1 and
> Twisted 13.2.0 / pyOpenSSL 0.14. I'm testing using:
>
> openssl s_client -connect host:port -reconnect
>
> ...and seeing:
>
> drop connection and then reconnect
> CONNECTED(00000003)
> ---
> Reused, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384
>
> ^^^^^^ looks ok.
>
> What do you see if you use that openssl command to test?

...
drop connection and then reconnect
CONNECTED(00000003)
3074107592:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
failure:s3_pkt.c:596:

Same error message on the service side.

However, someone pointed me to this:

https://stackoverflow.com/questions/22378442/how-to-disable-session-resumption-in-pyopenssl

Adding in:
ctx.set_options(OP_NO_TICKET)
Fixes the issue (well, the client no longer attempts to reuse the session).
Since there is absolutely nothing performance sensitive about this,
that is good enough for me.

> Can you reduce it to a sscce with a fake self-signed cert?

Might try tomorrow.


-- 
   - Henrik
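
Added example, not part of the original message or of Twisted's own code: one way to switch off both resumption mechanisms on a pyOpenSSL server context, the OP_NO_TICKET option from the message plus the server-side session-ID cache, and to read the settings back. The helper names are hypothetical, and SSLv23_METHOD is an assumption chosen only because it is available across pyOpenSSL releases.

```python
from OpenSSL import SSL


def resumption_state(ctx):
    """Report which TLS session-resumption mechanisms a server context offers."""
    # set_options() ORs its argument into the option bitmask and returns the
    # result, so passing 0 reads the current options without changing them.
    options = ctx.set_options(0)
    cache_mode = ctx.get_session_cache_mode()
    return {
        "tickets": not (options & SSL.OP_NO_TICKET),
        "session_id_cache": bool(cache_mode & SSL.SESS_CACHE_SERVER),
    }


def disable_resumption(ctx):
    """Make every connection on this context perform a full handshake."""
    # Stop issuing RFC 5077 session tickets (the change made in the message).
    ctx.set_options(SSL.OP_NO_TICKET)
    # Also stop caching session IDs on the server. With OpenSSL 1.1.1+ and
    # TLS 1.3, OP_NO_TICKET alone switches to stateful tickets, which rely
    # on this cache, so both settings are needed to rule out resumption.
    ctx.set_session_cache_mode(SSL.SESS_CACHE_OFF)
    return ctx


def demo():
    """Compare a freshly created context with one that has resumption off."""
    default_ctx = SSL.Context(SSL.SSLv23_METHOD)
    no_resume_ctx = disable_resumption(SSL.Context(SSL.SSLv23_METHOD))
    return resumption_state(default_ctx), resumption_state(no_resume_ctx)


if __name__ == "__main__":
    before, after = demo()
    print("default context:    ", before)
    print("resumption disabled:", after)
```

In a Twisted server, `disable_resumption` would be applied to the same `ctx` object that the message calls `set_options` on.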
