[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [iaik-ssl] Help with Session Caching...



Cool. Thanks Todd.

I know for certain that version of WebSeal we use uses OpenSSL, but that they
are chaing it the next majot release to something in-house (so probably the same
clean room SSL imp. you were talking about).

I was guessing at the WebSphere side of things.

Thanks for the correction/insight.

Gil.

"Todd E. Johnson" wrote:

> Just a comment on what I am quoting below:
>
> "But the WebSphere, which is an APACHE server with SSL (Presumably also with
> openSSL) "
>
> We contacted IBM in regards to the IBM HTTPServer (Apache) about the SSL
> implementation.  They claim that it is a "Clean Room" developed
> cryptographic provider from IBM and is not based on any other SSL
> impementation.   Not trying to correct you, just spreading the news....
>
>     Regards,
>
> tjohnson@wirefire.com
> tejohnson@bpd.treas.gov
>
> ----- Original Message -----
> From: "Gil Peeters" <gil@cancas.com>
> To: <iaik-ssl@iaik.tu-graz.ac.at>
> Sent: Thursday, January 25, 2001 10:41 AM
> Subject: Re: [iaik-ssl] Help with Session Caching...
>
> > Thanks for the quick response, but I found the solution about 2 minutes
> > after sending the e-mail!
> >
> > I tried connecting to another ssl server (an IBM WEB SPHERE server) and
> > here the 2 connects DID use the same session id. I then checked the doco a
> > bit more carefully (RTFM!) and found the following comment in the
> > SSLContext Doco:
> >
> > "cache terminated sessions: A boolean value determining whether or not to
> > resume sessions that have not been properly shutdown. Per spec this should
> > not be done, this exists only to improve performance when communicating
> > with bad server implementations.
> >      default value: false
> >
> > So i tried setting this to 'true', and tried again..... BINGO!
> >
> > So it looks like the IBM WebSeal version we are using here does not
> > implement SSL according to spec. From what I understand WebSeal uses
> > OpenSSL/SSLLeay for SSL, so that seems a bit suspect. But the WebSphere,
> > which is an APACHE server with SSL (Presumably also with openSSL) does
> > implement the spec correctly. V Strange. Probably different versions of
> > OpenSSL.0
> >
> > Thanks for all your quick responses.
> >
> > Gil.
> >
> > Gil Peeters wrote:
> > >
> > > Howdy,
> > >
> > > Need some urgent Help.
> > >
> > > We have a purchased version of SSilk v3.5 (KBC Bank).
> > >
> > > We use the HttpsURLConnection classes to connect to an IBM WebSeal
> Server
> > > which requireds 2 POST requests over the SAME SSL SESSION!!
> > >
> > > If I create an SSL Session, set to POST, write the post data, read the
> > > response, and the do the same again to the same URL it does not re-use
> the
> > > same SSLSocket or Session!!!
> > >
> > > Is there anything I have to configure in the underlying W3C JIGSAW
> classes
> > > to make the HttpsURLConnecion re-use the sockets??
> > >
> > > Thnaks
> > >
> > > Gil.
> > >
> > > --
> > > ================================================
> > > Gil Peeters
> > > BVBA CANCAS I.T.
> > > Willemsstraat 2
> > > 3000 Leuven
> > > Belgium
> > > ================================================
> > > JAVA and Distributed Object Specialists
> > > ================================================
> > > --
> > > Mailinglist-archive at
> http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html
> > >
> > > To unsubscribe send an email to listserv@iaik.at with the folowing
> content: UNSUBSCRIBE iaik-ssl
> > >
> >
> > --
> > ================================================
> > Gil Peeters
> > BVBA CANCAS I.T.
> > Willemsstraat 2
> > 3000 Leuven
> > Belgium
> > ================================================
> > JAVA and Distributed Object Specialists
> > ================================================
> > --
> > Mailinglist-archive at
> http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html
> >
> > To unsubscribe send an email to listserv@iaik.at with the folowing
> content: UNSUBSCRIBE iaik-ssl
> >

--
-----------------------------------------
 Gil Peeters
 CANCAS I.T. (bvba)
 Willemsstraat 2
 3000 Leuven, Belgium
-----------------------------------------
 JAVA and Distributed Object Specialists
-----------------------------------------


--
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content: UNSUBSCRIBE iaik-ssl