Bug 1731182 - Interoperability test cases with session resumption sometimes fail to resume all sessions [rhel-8]
Summary: Interoperability test cases with session resumption sometimes fail to resume ...
Keywords:
Status: CLOSED DEFERRED
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: nss
Version: 8.1
Hardware: Unspecified
OS: Unspecified
low
low
Target Milestone: rc
: ---
Assignee: nss-nspr-maint
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks: 1766580
TreeView+ depends on / blocked
 
Reported: 2019-07-18 14:28 UTC by Hubert Kario
Modified: 2021-01-08 22:43 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1766580 (view as bug list)
Environment:
Last Closed: 2021-01-08 22:43:19 UTC
Type: Bug
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Mozilla Foundation 1590129 0 P3 NEW The stsclnt doesn't always resume the expected number of sessions 2021-01-18 08:27:55 UTC

Description Hubert Kario 2019-07-18 14:28:18 UTC
Description of problem:
strsclnt resumes fewer session than expected

Version-Release number of selected component (if applicable):
nss-3.44.0-7.el8_0

How reproducible:
random, infrequent (around 1 in 500 connections)

Steps to Reproduce:
1. run strsclnt against GnuTLS or OpenSSL server:
/usr/lib64/nss/unsupported-tools/strsclnt -c 10 -P 20 -p 4433 -C :1303 -J rsa_pss_pss_sha256,rsa_pss_pss_sha384,rsa_pss_pss_sha512 -d sql:./ca-db/ -V tls1.3:tls1.3 localhost &> client.log

Actual results:
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: 0 cache hits; 0 cache misses, 0 cache not reusable
          0 stateless resumes
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: 7 cache hits; 0 cache misses, 0 cache not reusable
          7 stateless resumes

Expected results:
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: 0 cache hits; 0 cache misses, 0 cache not reusable
          0 stateless resumes
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: 8 cache hits; 0 cache misses, 0 cache not reusable
          8 stateless resumes

Additional info:

Comment 1 Bob Relyea 2019-11-27 17:23:32 UTC
Setting Release Target to 8.3, the next expect nss rebase assuming upstream has a patch.

Comment 6 Bob Relyea 2021-01-08 22:43:19 UTC
This issue is now tracked in Jira: https://issues.redhat.com/browse/CRYPTO-3166


Note You need to log in before you can comment on or make changes to this bug.