users@glassfish.java.net

SSL session caching

From: Cyril DANGERVILLE <cyril.dangerville_at_gmail.com>
Date: Sun, 30 May 2010 01:23:42 +0200

Hello,
I can't figure out how to make the Glassfish v2.1 server cache SSL
sessions. SSL client authentication is disabled on the server. I am
testing with the openssl s_client like this:

$ openssl s_client -connect 172.17.5.213:8181 -reconnect > ssl.log

ssl.log (excerpt):

CONNECTED(00000003)
---
Certificate chain
 0 s:/C=US/ST=California/L=Santa Clara/O=Sun Microsystems/OU=Sun GlassFish Enterprise Server/CN=sherlock2.layer7.theresis.org
   i:/C=US/ST=California/L=Santa Clara/O=Sun Microsystems/OU=Sun GlassFish Enterprise Server/CN=sherlock2.layer7.theresis.org
---
Server certificate
subject=/C=US/ST=California/L=Santa Clara/O=Sun Microsystems/OU=Sun GlassFish Enterprise Server/CN=sherlock2.layer7.theresis.org
issuer=/C=US/ST=California/L=Santa Clara/O=Sun Microsystems/OU=Sun GlassFish Enterprise Server/CN=sherlock2.layer7.theresis.org
---
No client certificate CA names sent
---
SSL handshake has read 1326 bytes and written 284 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 4C019F2A8D1CE2323C13BFD5CC335D61C56A9A5E4C22CAEB414559B12383909B
    Session-ID-ctx:
    Master-Key: 3B6FF13C5090F1AEE01D0BBD793BF3699701D33A1FD5FDF649D3BD2DE68A65A8BDC583C506D06FDE0D522F6AF06971B0
    Key-Arg   : None
    Krb5 Principal: None
    Start Time: 1275174644
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
So it is not reusing the SSL session as it should be.
What am I missing?
Thanks for any help.
--Cyril
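
Added example, not part of the original post: a checker for the full output of the s_client -reconnect test above. The first handshake in such a log is always reported as "New"; each reconnect that the server resumed from its session cache is reported as "Reused" with the same Session-ID. The sample logs are constructed and the function names are hypothetical.

```python
import re

HANDSHAKE = re.compile(r"^(New|Reused), (\S+), Cipher is (\S+)", re.M)
# The colon directly after "Session-ID" keeps "Session-ID-ctx:" from matching.
SESSION_ID = re.compile(r"^[ \t]*Session-ID:[ \t]*([0-9A-Fa-f]*)[ \t]*$", re.M)


def parse_handshakes(log):
    """Return one dict per handshake found in s_client output."""
    marks = list(HANDSHAKE.finditer(log))
    found = []
    for i, m in enumerate(marks):
        # A handshake's SSL-Session block ends where the next handshake starts.
        end = marks[i + 1].start() if i + 1 < len(marks) else len(log)
        sid = SESSION_ID.search(log, m.end(), end)
        found.append({"kind": m.group(1), "protocol": m.group(2),
                      "cipher": m.group(3),
                      "session_id": sid.group(1).upper() if sid else ""})
    return found


def resumption_report(log):
    """Count reconnects that resumed the session of the first handshake."""
    hs = parse_handshakes(log)
    if len(hs) < 2:
        raise ValueError("need the initial handshake plus at least one reconnect")
    first_id = hs[0]["session_id"]  # empty means the server offered no resumable ID
    resumed = [h for h in hs[1:]
               if first_id and h["kind"] == "Reused" and h["session_id"] == first_id]
    return {"reconnects": len(hs) - 1, "resumed": len(resumed),
            "distinct_ids": len({h["session_id"] for h in hs})}


def _handshake(kind, sid):
    # Constructed, trimmed s_client output for one connection (not from the post).
    return ("CONNECTED(00000003)\n---\n"
            f"{kind}, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA\n"
            "SSL-Session:\n    Protocol  : TLSv1\n"
            f"    Session-ID: {sid}\n    Session-ID-ctx:\n---\n")


SEP = "drop connection and then reconnect\n"
SAMPLE_NO_REUSE = SEP.join([_handshake("New", "AAAA0001"), _handshake("New", "BBBB0002")])
SAMPLE_REUSE = SEP.join([_handshake("New", "AAAA0001"), _handshake("Reused", "AAAA0001")])

if __name__ == "__main__":
    print("no reuse:", resumption_report(SAMPLE_NO_REUSE))
    print("reuse:   ", resumption_report(SAMPLE_REUSE))
```

To check a real run, pass the contents of ssl.log to resumption_report(); "resumed" equal to "reconnects" means every reconnect hit the server's session cache.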