[MXS-1739] OpenSSL session caching is enabled

Created: 2018-03-24
Updated: 2020-08-25
Resolved: 2018-03-27

Status: Closed
Project: MariaDB MaxScale
Component/s: Core
Affects Version/s: 2.1.15
Fix Version/s: 2.1.16

Type: Bug
Priority: Major
Reporter: markus makela
Assignee: markus makela
Resolution: Fixed
Votes: 1
Labels: None


 Description   

The OpenSSL session cache is enabled by default but the session ID context is not set. This causes errors to be logged if the client requests session caching.

A solution to this is to disable the session caching by adding the following call to listener.c.

SSL_CTX_set_session_cache_mode(ssl_listener->ctx, SSL_SESS_CACHE_OFF);



 Comments   
Comment by markus makela [ 2018-03-24 ]

Here's a pretty good argument against enabling the session cache: https://www.postgresql.org/message-id/22227.1501632275%40sss.pgh.pa.us

Mainly for the reasons mentioned in the comment above, disabling the session cache appears to be an adequate solution.

One option would be to enable client side caching by using SSL_SESS_CACHE_CLIENT. If my understanding of this mode is correct, the use of this mode would not require the server to define the context ID.

Comment by markus makela [ 2018-03-27 ]

The cache is now disabled.
