[SERVER-17022] No SSL Session Caching may not be respected Created: 23/Jan/15 Updated: 18/Sep/15 Resolved: 08/Feb/15 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | 2.4.12, 2.6.6 |
| Fix Version/s: | 2.6.8, 3.0.0-rc9, 3.1.0 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Peter Garafano (Inactive) | Assignee: | Spencer Jackson |
| Resolution: | Done | Votes: | 8 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Attachments: |
|
||||||||||||||||||||
| Issue Links: |
|
||||||||||||||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||||||||||||||
| Operating System: | ALL | ||||||||||||||||||||
| Backport Completed: | |||||||||||||||||||||
| Steps To Reproduce: | Run MongoDB 2.4.6 on Linux with SSL, connecting from a Windows client running the 1.9.2 version of the C# driver. Execute a script such that many connections are opened in parallel. (See attached C# class file) This test will result in an error free run of the script. Shutdown 2.4.6 and start 2.4.7 with otherwise identical settings. Run the script again, this will result in errors such as:
|
||||||||||||||||||||
| Sprint: | Security [00-02-20-15] | ||||||||||||||||||||
| Participants: | |||||||||||||||||||||
| Description |
|
Issue Status as of Feb 09, 2015 ISSUE SUMMARY Currently, the C# driver is the only driver known to produce this issue. Connection attempts meeting the following criteria may encounter this issue:
USER IMPACT
WORKAROUNDS AFFECTED VERSIONS FIX VERSION RESOLUTION DETAILS Original descriptionSomething in Windows SChannel doesn't respect the no SSL Session Caching change made in The currently available workaround is to set the ClientCacheTime registry key to 0 to disable caching, however this is a system wide change which could have unforeseen consequences in a server environment. |
| Comments |
| Comment by Githook User [ 09/Feb/15 ] |
|
Author: {u'username': u'ramonfm', u'name': u'Ramon Fernandez', u'email': u'ramon.fernandez@mongodb.com'}Message: (cherry picked from commit e6e989f7fcf70d5bf5a5645b6927ac7a889dd5b7) |
| Comment by Githook User [ 09/Feb/15 ] |
|
Author: {u'username': u'ramonfm', u'name': u'Ramon Fernandez', u'email': u'ramon.fernandez@mongodb.com'}Message: (cherry picked from commit e6e989f7fcf70d5bf5a5645b6927ac7a889dd5b7) |
| Comment by Githook User [ 09/Feb/15 ] |
|
Author: {u'username': u'spencerjackson', u'name': u'Spencer Jackson', u'email': u'spencer.jackson@mongodb.com'}Message: (cherry picked from commit 74e5e2904304bef4b874c4ba68fe4e6671e1c12b) |
| Comment by Githook User [ 09/Feb/15 ] |
|
Author: {u'username': u'ramonfm', u'name': u'Ramon Fernandez', u'email': u'ramon.fernandez@mongodb.com'}Message: |
| Comment by Githook User [ 09/Feb/15 ] |
|
Author: {u'username': u'spencerjackson', u'name': u'Spencer Jackson', u'email': u'spencer.jackson@mongodb.com'}Message: (cherry picked from commit 74e5e2904304bef4b874c4ba68fe4e6671e1c12b) |
| Comment by Githook User [ 08/Feb/15 ] |
|
Author: {u'username': u'spencerjackson', u'name': u'Spencer Jackson', u'email': u'spencer.jackson@mongodb.com'}Message: |
| Comment by Mark Benvenuto [ 26/Jan/15 ] |
|
The SCHANNEL_CRED structure has a member variable called dwSessionLifespan which controls the session cache timeout for an individual session. Would this work for the C# driver?
|