You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2011/07/14 22:11:12 UTC

DO NOT REPLY [Bug 44961] SSL session resumption does not properly work with openssl > 0.9.8f

https://issues.apache.org/bugzilla/show_bug.cgi?id=44961

strodgers <st...@caci.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |strodgers@caci.com

--- Comment #1 from strodgers <st...@caci.com> 2011-07-14 20:11:12 UTC ---
Is there anything that can be done to help get this some more attention?  The
way HTTPD is currently assigning SSL session contexts during full renegotiation
truly does appear to be broken.  This is preventing +OptRenegotiate (quick
renegotiation) from working as designed and documented.  The customer base I
support uses hardware-based client certificates which are noticeably slow when
HTTPD forces full renegotiations for each object because of this bug.  There
are workarounds that help, but this is an actual problem and a documented
feature that is broken.

I started at bug #47055, and landed here.  I’ve applied each suggested patch
along the way and this bug report explanation and patch seems to be the most
elegant.  I’d be delighted to assist with testing in order to get an official
fix signed off and committed.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org