Bug 1766580

Summary: Interoperability test cases with session resumption sometimes fail to resume all sessions [rhel-7]
Product: Red Hat Enterprise Linux 7
Reporter: Hubert Kario <hkario>
Component: nss
Assignee: nss-nspr-maint <nss-nspr-maint>
Status: CLOSED WONTFIX
QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: low
Priority: unspecified
Version: 7.8
CC: asosedki, dueno, inikolch, nss-nspr-maint, omoris, qe-baseos-security, rrelyea, szidek
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Clone Of: 1731182
Last Closed: 2020-01-15 17:43:02 UTC
Bug Depends On: 1731182    

Description Hubert Kario 2019-10-29 12:54:13 UTC
Same issue exists with nss-3.44.0-5.el7.x86_64

+++ This bug was initially created as a clone of Bug #1731182 +++

Description of problem:
strsclnt resumes fewer sessions than expected

Version-Release number of selected component (if applicable):
nss-3.44.0-7.el8_0

How reproducible:
random, infrequent (around 1 in 500 connections)

Steps to Reproduce:
1. run strsclnt against GnuTLS or OpenSSL server:
/usr/lib64/nss/unsupported-tools/strsclnt -c 10 -P 20 -p 4433 -C :1303 -J rsa_pss_pss_sha256,rsa_pss_pss_sha384,rsa_pss_pss_sha512 -d sql:./ca-db/ -V tls1.3:tls1.3 localhost &> client.log

Actual results:
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: 0 cache hits; 0 cache misses, 0 cache not reusable
          0 stateless resumes
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: 7 cache hits; 0 cache misses, 0 cache not reusable
          7 stateless resumes

Expected results:
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: 0 cache hits; 0 cache misses, 0 cache not reusable
          0 stateless resumes
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: 8 cache hits; 0 cache misses, 0 cache not reusable
          8 stateless resumes

Additional info:

Comment 2 Bob Relyea 2020-01-15 17:43:02 UTC
If upstream comes up with a fix, we'll pick it up. We'll keep the upstream bug open.
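
A check for the symptom in the description above, added here as an example and not part of the bug report or of NSS: it parses the strsclnt cache summaries in the format quoted under "Actual results" and reports how many sessions failed to resume. The function names, the sample logs and the choice to treat the last summary in a log as the run's result are assumptions.

```python
import re
from typing import List, NamedTuple, Optional

# Two-line summary format, copied from the strsclnt output quoted in this report.
SUMMARY = re.compile(
    r"^strsclnt: (\d+) cache hits; (\d+) cache misses, (\d+) cache not reusable[ \t]*\n"
    r"[ \t]+(\d+) stateless resumes",
    re.MULTILINE,
)

class Summary(NamedTuple):
    hits: int
    misses: int
    not_reusable: int
    stateless: int

def parse_summaries(log: str) -> List[Summary]:
    """Return every cache summary found in the log, in order of appearance."""
    return [Summary(*map(int, m.groups())) for m in SUMMARY.finditer(log)]

def resumption_shortfall(log: str, expected: int) -> Optional[int]:
    """Number of sessions that did not resume, or None if no summary was logged.

    Assumption: the quoted output shows an early summary (all zeros) and a
    later one; the last summary in the log is taken as the result of the run.
    """
    summaries = parse_summaries(log)
    if not summaries:
        return None  # no summary at all: a different failure, report it separately
    final = summaries[-1]
    # In the quoted output both counters reach the same value; use the lower one.
    return max(0, expected - min(final.hits, final.stateless))

# Constructed sample logs, modelled on the "Actual" and "Expected" output above.
HEAD = ("strsclnt: -- SSL: Server Certificate Validated.\n"
        "strsclnt: 0 cache hits; 0 cache misses, 0 cache not reusable\n"
        "          0 stateless resumes\n"
        "strsclnt: -- SSL: Server Certificate Validated.\n")

def sample(n: int) -> str:
    """Build a constructed client.log whose final summary reports n resumes."""
    return (HEAD + f"strsclnt: {n} cache hits; 0 cache misses, 0 cache not reusable\n"
            f"          {n} stateless resumes\n")

if __name__ == "__main__":
    for name, log in (("actual", sample(7)), ("expected", sample(8))):
        print(name, "shortfall:", resumption_shortfall(log, expected=8))
```

Because the failure is infrequent, a test loop would run this over each client.log and keep the logs where the shortfall is non-zero.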