[SERVER-9307] Server can abort SSL handshake for clients that have SSL session caching enabled Created: 09/Apr/13  Updated: 11/Jul/16  Resolved: 10/Apr/13

Status: Closed
Project: Core Server
Component/s: Networking
Affects Version/s: 2.4.1
Fix Version/s: 2.4.3, 2.5.0

Type: Bug Priority: Major - P3
Reporter: Jeffrey Yemin Assignee: Eric Milkie
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: Zip Archive ssltest.zip    
Issue Links:
Related
is related to SERVER-10261 Disable SSL session caching on server... Closed
Operating System: ALL
Steps To Reproduce:
  • Start an SSL-enabled server with options: { sslCAFile: "ca.pem", sslOnNormalPorts: true, sslPEMKeyFile: "server.pem" }
  • Unzip the attached java program
  • Run ssltest.sh
Participants:

 Description   

Message in logs looks like:

Tue Apr  9 20:41:09.438 [initandlisten] connection accepted from 127.0.0.1:49758 #4 (3 connections now open)
Tue Apr  9 20:41:09.440 [conn4] ERROR: error:140D9115:SSL routines:SSL_GET_PREV_SESSION:session id context uninitialized
Tue Apr  9 20:41:09.440 [conn4] SocketException handling request, closing client connection: 9001 socket exception [6]



 Comments   
Comment by auto [ 18/Apr/13 ]

Author:

{u'date': u'2013-04-10T19:13:31Z', u'name': u'Eric Milkie', u'email': u'milkie@10gen.com'}

Message: SERVER-9307 initialize session id context to support session caching on the server

You must set the context in order for session caching to work.
This would normally fail silently without setting the context, but when you turn on
certificate validation and attempt to reuse a session, the attempt will actively fail and
return an error on the server.
The Java driver does make use of restartable sessions and is affected by this issue.
Branch: v2.4
https://github.com/mongodb/mongo/commit/63970873031d29f7eafbe1bd3d441578e7f675d3

Comment by auto [ 10/Apr/13 ]

Author:

{u'date': u'2013-04-10T19:13:31Z', u'name': u'Eric Milkie', u'email': u'milkie@10gen.com'}

Message: SERVER-9307 initialize session id context to support session caching on the server

You must set the context in order for session caching to work.
This would normally fail silently without setting the context, but when you turn on
certificate validation and attempt to reuse a session, the attempt will actively fail and
return an error on the server.
The Java driver does make use of restartable sessions and is affected by this issue.
Branch: master
https://github.com/mongodb/mongo/commit/74409f3cb7a2122610842955ed1c6ed7dd1779e6

Generated at Thu Feb 08 03:20:00 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.