Expectations for TLS session reuse

Hello all,

I have a query about the expectations for TLS session reuse that apply to HTTP user agents. I am bringing the query to this to the working group due to the consideration of the connection reuse topic captured in RFC 7540 Section 9.1.1<https://tools.ietf.org/html/rfc7540#section-9.1.1>.

The background to my question lies in a scenario that we have, where we have the set of hosts {example.net, 1. example.net, 2. example.net, 3. example.net, 4. example.net, 5. example.net} that all resolve to the same IP address. All hosts can be accessed via HTTPS on port 443. The server software is configured to support TLS 1.2 only, with TLS session IDs only. The entry point into our scenario is example.net, which provides a certificate with a subjectAlternateName that includes example.net and *.example.net.

Our test case in this scenario is making a sequence of HTTP/1.1 requests to the set of hosts, starting with example.net and then moving through the hosts (in incrementing order). SNI is used and indicates the name of the host being requested at that time. We had some ideas on how a user agent might approach TLS session reuse in this test case. However, after searching across a range of sources, we were unable to find a definitive, simple answer.

The majority of our testing is based on libcurl, and we have a thread on the curl-library mailing list<https://curl.haxx.se/mail/lib-2016-11/0179.html> that has led to us opening out the question here.

Our first test round used a client built on libcurl/7.29.0 and NSS/3.19.1. This showed session reuse across the hosts, and the server software (nginx) was happy to process the requests.

Our second test round, used a newer version of libcurl and a variety of SSL backends (NSS, OpenSSL, GnuTLS).  This showed no session reuse. Kamil Dudka pointed us to this Mozilla bug ticket<https://bugzilla.mozilla.org/show_bug.cgi?id=1202264> as a possible cause of the change in behaviour.

Out third test round used a recent version of Firefox. This showed no session reuse.

It would seem the first test round is an anomaly. However, the subsequent tests only characterise what those implementations do, not what a TLS client could do in terms of session reuse. I guess my final question is, regardless of HTTP version, should we have any expectation of session reuse in our scenario (client permitting) or is this type of reuse not a "good thing" and therefore is not implemented for good reason?

Regards
Lucas

Received on Friday, 9 December 2016 12:03:28 UTC