Bookmarks

Yahoo Gmail Google Facebook Delicious Twitter Reddit Stumpleupon Myspace Digg

Search queries

sqldatasource dal, wwwxxxenden, convert raid5 to raid 10 mdadm, apache force chunked, nrao wwwxxx, xxxxxdup, procmail change subject header, wwwXxx not20, Wwwxxx.doks sas, linux raid resync after reboot

Links

XODOX
Impressum

#1: SSL_SESSION_ID on RHEL 5.5

Posted on 2010-05-10 15:51:09 by Michael

HI!

For security reasons I'm using env var SSL_SESSION_ID to cross-check the
application's session ID with the SSL session ID in my web application. This
works without any issues on my openSUSE boxes. Browser is Seamonkey 2.0.4.

But I have problems with Apache 2.2.3 shipped with
Red Hat Enterprise Linux Server release 5.5 (Tikanga)
Cery soon the SSL session seems to be renegotiated resulting in a new value in
SSL_SESSION_ID

Relevant settings for SSL session resumptions:

SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 7200

Any hint? Were there relevant fixes to mod_ssl after release 2.2.3? Or maybe
Red Hat backported patches against renegotiation attacks which cause the issue?

Ciao, Michael.
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Report this message