mod_ssl: SSL handshake is done on every request

--_5b58eb52-beca-47dd-b99b-75f7be34e9ba_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


Is there anyone who can help to this unanswered topic... ?

From: devexplorer@hotmail.com
To: users@httpd.apache.org
Subject: mod_ssl: SSL handshake is done on every request
Date: Mon=2C 21 Dec 2009 11:35:10 +0100








Dear=2C

I am running Apache 2.2.14.=20
I also applied the patch to enforce SSL renegotiation from server only.

Testing the proposed solution in SSL mutual authentication context=2C the f=
ull renegotiation is done once but I noticed that the handshake is done for=
every request.
The test web page is made of 30 request/responses and we can see from the L=
OG that 30 handshakes are done even though session is found in cache.

Below=2C extract of the LOG files:

' ssl_engine_kernel.c: Performing full renegotiation: complete handshake pr=
otocol
' ssl_engine_kernel.c: OpenSSL: Handshake: start
' ssl_engine_kernel.c: OpenSSL: Loop: SSL renegotiate ciphers
' ssl_engine_kernel.c: OpenSSL: Loop: SSLv3 write hello request A
' ssl_engine_kernel.c: OpenSSL: Loop: SSLv3 flush data
' ssl_engine_kernel.c: OpenSSL: Loop: SSLv3 write hello request C
....
' ssl_engine_kernel.c: Inter-Process Session Cache: request=3DSET status=3D=
OK id=3DD893868C1224CF057AFE1C604B7C7725E23E92F22CB6EE338997038 F95533213 ti=
meout=3D3600s (session caching)
' ssl_engine_kernel.c: OpenSSL: Handshake: done
....
' ssl_engine_kernel.c: OpenSSL: Handshake: start
' ssl_engine_kernel.c: OpenSSL: Loop: before/accept initialization
....
' ssl_engine_kernel.c: Inter-Process Session Cache: request=3DGET status=3D=
FOUND id=3DD893868C1224CF057AFE1C604B7C7725E23E92F22CB6EE338997038 F95533213=
(session reuse)
' ssl_engine_kernel.c: OpenSSL: Loop: SSLv3 read client hello A
' ssl_engine_kernel.c: OpenSSL: Loop: SSLv3 write server hello A
' ssl_engine_kernel.c: OpenSSL: Loop: SSLv3 write certificate A
' ssl_engine_kernel.c: OpenSSL: Loop: SSLv3 write server done A
....
' ssl_engine_kernel.c: OpenSSL: Handshake: start
' ssl_engine_kernel.c: OpenSSL: Loop: before/accept initialization
....
' ssl_engine_kernel.c: Inter-Process Session Cache: request=3DGET status=3D=
FOUND id=3DD893868C1224CF057AFE1C604B7C7725E23E92F22CB6EE338997038 F95533213=
(session reuse)
' ssl_engine_kernel.c: OpenSSL: Loop: SSLv3 read client hello A
' ssl_engine_kernel.c: OpenSSL: Loop: SSLv3 write server hello A
' ssl_engine_kernel.c: OpenSSL: Loop: SSLv3 write certificate A
' ssl_engine_kernel.c: OpenSSL: Loop: SSLv3 write server done A
....

- What is the reason of the handshake for every request?
- What is the purpose of the cache?
- Is the new handshake conveyed under the existing ssl session?
- How to avoid theses handshakes if not required?

Thanks.

Regards=2C

Ben.

=20
Windows Live: Friends get your Flickr=2C Yelp=2C and Digg updates when the=
y e-mail you. =20
____________________________________________________________ _____
Windows Live: Keep your friends up to date with what you do online.
http://www.microsoft.com/middleeast/windows/windowslive/see- it-in-action/so=
cial-network-basics.aspx?ocid=3DPID23461::T:WLMTAGL:ON:WL:en -xm:SI_SB_1:092=
010=

--_5b58eb52-beca-47dd-b99b-75f7be34e9ba_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable






Is there anyone who can help to this unanswered topic... ?