SSL_SESSION_ID on RHEL 5.5am 10.05.2010 15:51:09 von Michael
For security reasons I'm using env var SSL_SESSION_ID to cross-check the
application's session ID with the SSL session ID in my web application. This
works without any issues on my openSUSE boxes. Browser is Seamonkey 2.0.4.
But I have problems with Apache 2.2.3 shipped with
Red Hat Enterprise Linux Server release 5.5 (Tikanga)
Cery soon the SSL session seems to be renegotiated resulting in a new value in
Relevant settings for SSL session resumptions:
Any hint? Were there relevant fixes to mod_ssl after release 2.2.3? Or maybe
Red Hat backported patches against renegotiation attacks which cause the issue?
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List email@example.com
Automated List Manager firstname.lastname@example.org