[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [iaik-ssl] Help with Session Caching...



Just a comment on what I am quoting below:

"But the WebSphere, which is an APACHE server with SSL (Presumably also with
openSSL) "

We contacted IBM in regards to the IBM HTTPServer (Apache) about the SSL
implementation.  They claim that it is a "Clean Room" developed
cryptographic provider from IBM and is not based on any other SSL
impementation.   Not trying to correct you, just spreading the news....

    Regards,

tjohnson@wirefire.com
tejohnson@bpd.treas.gov


----- Original Message -----
From: "Gil Peeters" <gil@cancas.com>
To: <iaik-ssl@iaik.tu-graz.ac.at>
Sent: Thursday, January 25, 2001 10:41 AM
Subject: Re: [iaik-ssl] Help with Session Caching...


> Thanks for the quick response, but I found the solution about 2 minutes
> after sending the e-mail!
>
> I tried connecting to another ssl server (an IBM WEB SPHERE server) and
> here the 2 connects DID use the same session id. I then checked the doco a
> bit more carefully (RTFM!) and found the following comment in the
> SSLContext Doco:
>
> "cache terminated sessions: A boolean value determining whether or not to
> resume sessions that have not been properly shutdown. Per spec this should
> not be done, this exists only to improve performance when communicating
> with bad server implementations.
>      default value: false
>
> So i tried setting this to 'true', and tried again..... BINGO!
>
> So it looks like the IBM WebSeal version we are using here does not
> implement SSL according to spec. From what I understand WebSeal uses
> OpenSSL/SSLLeay for SSL, so that seems a bit suspect. But the WebSphere,
> which is an APACHE server with SSL (Presumably also with openSSL) does
> implement the spec correctly. V Strange. Probably different versions of
> OpenSSL.0
>
> Thanks for all your quick responses.
>
> Gil.
>
> Gil Peeters wrote:
> >
> > Howdy,
> >
> > Need some urgent Help.
> >
> > We have a purchased version of SSilk v3.5 (KBC Bank).
> >
> > We use the HttpsURLConnection classes to connect to an IBM WebSeal
Server
> > which requireds 2 POST requests over the SAME SSL SESSION!!
> >
> > If I create an SSL Session, set to POST, write the post data, read the
> > response, and the do the same again to the same URL it does not re-use
the
> > same SSLSocket or Session!!!
> >
> > Is there anything I have to configure in the underlying W3C JIGSAW
classes
> > to make the HttpsURLConnecion re-use the sockets??
> >
> > Thnaks
> >
> > Gil.
> >
> > --
> > ================================================
> > Gil Peeters
> > BVBA CANCAS I.T.
> > Willemsstraat 2
> > 3000 Leuven
> > Belgium
> > ================================================
> > JAVA and Distributed Object Specialists
> > ================================================
> > --
> > Mailinglist-archive at
http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html
> >
> > To unsubscribe send an email to listserv@iaik.at with the folowing
content: UNSUBSCRIBE iaik-ssl
> >
>
> --
> ================================================
> Gil Peeters
> BVBA CANCAS I.T.
> Willemsstraat 2
> 3000 Leuven
> Belgium
> ================================================
> JAVA and Distributed Object Specialists
> ================================================
> --
> Mailinglist-archive at
http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html
>
> To unsubscribe send an email to listserv@iaik.at with the folowing
content: UNSUBSCRIBE iaik-ssl
>

smime.p7s