AcornSSL does not support resume sessions correctly
Dave Higton (1515) 3534 posts |
See the topic “FTPc 1.55” in Announcements. The AcornSSL module, when it starts a new secure session or upgrades an existing plain connection to secure, sends an empty SessionTicket extension. This indicates to the server that it supports RFC 5077, but it doesn’t store the returned SessionTicket or pass it on to the client for use when a new session is opened (e.g. the data connection of a secure FTP session where the secure control session already exists, by definition). The simplest solution is not to send an empty SessionTicket extension. Ultimately the module should support RFC 5077, probably with help from the module’s client. |