Commit
Don't resume OpenSSL DTLS session for PSK-NEGOTIATE
Now that we are using a custom extension instead of the session-id hack, we no longer need to pretend to resume a session. It was causing a session-id of 32 zeroes to be included in the ClientHello. With OpenSSL 1.1+, that was causing fragmentation which ocserv couldn't cope with. Perhaps ocserv *should* have coped with that fragmentation, and perhaps we should increase our initial idea of the MTU to avoid the fragmentation. But certainly we shouldn't be including an all-zero session-id for resumption either.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse authored and David Woodhouse committed Oct 4, 2016
1 parent bd7d9fa commit 816a2b4
Showing 1 changed file with 36 additions and 44 deletions.