Topic: wolfSSL with Tomcat

2008-12-04 09:46:40 UTC
I am using wolfSSL to connect to a Tomcat server.
If I don't try to reuse the session ID, everything works fine.
When a session ID is no longer valid, wolfSSL just negotiates a new session ID, no problem.
However, when I restart Tomcat in between two wolfSSL calls (while trying to reuse the ID), the SSL_connect call hangs until the Tomcat server times it out (or, in the case of a non-blocking implementation, SSL_connect asks for more data which never arrives).

This does not happen with an Apache server; however, other SSL implementations do not have the same issue with Tomcat.

Can you throw out a few ideas about what the root cause for this could be and how I can go about debugging? I'd be happy to troubleshoot and "dive in the code" but will need a few pointers on where to start looking.

Yuval
touska (Project Admin)
2008-12-04 20:18:14 UTC
It sounds like the Tomcat server is trying to resume a session even though it no longer has context for it. Unless wolfSSL gets an error from the server, it has no idea what's going on; eventually the socket call times it out. Not sure how the other implementations are catching this unless they're setting up their own timers to override the TCP ones. Are you sure the other ones are correctly sending the session ID in the client hello to try and resume?

Can you send me a Wireshark trace of the wolfSSL failed connection attempt and also one of a different implementation successfully connecting after a hard reset while trying to resume? That may shed some more light on it for us.

Thanks.

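To check a capture for what the reply above asks about (whether the ClientHello really carries a session ID, and whether the ServerHello echoes it back), the following added example, which is not code from the thread or from wolfSSL, reads the session_id field out of raw hello records. The function names and the sample records are constructed for illustration, and it assumes each hello sits unfragmented in a single SSL 3.0 / TLS 1.0-1.2 record.

```python
import struct

CLIENT_HELLO, SERVER_HELLO = 1, 2

def hello_session_id(record: bytes):
    """Return (handshake type, session_id) from a TLS record carrying a hello."""
    if len(record) < 9:
        raise ValueError("truncated record")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 0x16:                      # 0x16 = handshake content type
        raise ValueError("not a handshake record")
    hs_type = record[5]
    if hs_type not in (CLIENT_HELLO, SERVER_HELLO):
        raise ValueError("not a ClientHello/ServerHello")
    hs_len = int.from_bytes(record[6:9], "big")
    msg = record[9:9 + min(hs_len, rec_len - 4)]
    # Both hellos start: version(2) + random(32) + session_id length(1)
    if len(msg) < 35:
        raise ValueError("truncated hello")
    sid_len = msg[34]
    if sid_len > 32 or len(msg) < 35 + sid_len:
        raise ValueError("bad session_id length")
    return hs_type, msg[35:35 + sid_len]

def resumption_outcome(client_record, server_record=None):
    """Classify one handshake attempt from its hello records."""
    kind, offered = hello_session_id(client_record)
    if kind != CLIENT_HELLO:
        raise ValueError("first record is not a ClientHello")
    if not offered:
        return "not-offered"               # client never asked to resume
    if server_record is None:
        return "offered-no-server-hello"   # capture has no ServerHello
    kind, returned = hello_session_id(server_record)
    if kind != SERVER_HELLO:
        raise ValueError("second record is not a ServerHello")
    return "resumed" if returned == offered else "full-handshake"

def make_hello(hs_type, session_id):
    """Build a constructed (not captured) hello record for the demo."""
    tail = b"\x00\x02\x00\x2f\x01\x00" if hs_type == CLIENT_HELLO else b"\x00\x2f\x00"
    msg = b"\x03\x01" + bytes(32) + bytes([len(session_id)]) + session_id + tail
    hs = bytes([hs_type]) + len(msg).to_bytes(3, "big") + msg
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    old, new = bytes(range(32)), bytes(range(32, 64))
    print(resumption_outcome(make_hello(CLIENT_HELLO, old), make_hello(SERVER_HELLO, old)))
    print(resumption_outcome(make_hello(CLIENT_HELLO, old), make_hello(SERVER_HELLO, new)))
    print(resumption_outcome(make_hello(CLIENT_HELLO, old)))
```

Feed it the raw bytes of the hello records exported from each trace; a server that has lost its session cache is expected to answer with a different (or empty) session ID, which shows up here as "full-handshake".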