Could not disable session resumption requested by OpenSSL client

Asked Apr 08 '15 at 07:03

Active Dec 22 '15 at 12:04

Viewed 367 times

I'm developing SSL mutual authentication in android to connect to a HTTPS website using OpenSSL library. I want to disable session resumption requested by client in OpenSSL; In other words, it is expected from the client not to sent previous session ID in the "Client Hello" message, but it sends.

I tried using SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF), but nothing changed.

Can anyone help me disable session reuse?

Thanks

edited Dec 22 '15 at 12:04

BhushanK

1,205
6
23
39

asked Apr 08 '15 at 07:03

user3406222

You're attempting to disable on the server or the Android client? – RoraΖ Apr 08 '15 at 11:18
I want to disable from client-side. – user3406222 Apr 08 '15 at 20:45
Are you setting the cache mode of the `SSL_CTX` prior to the first connection using that ctx, or afterwards? – frasertweedale Apr 09 '15 at 01:01
[You also need to turn off session tickets.](http://stackoverflow.com/a/22382205/3714897) – RoraΖ Apr 09 '15 at 12:02
It's set prior to the first connection – user3406222 Apr 11 '15 at 09:48

Could not disable session resumption requested by OpenSSL client

0 Answers0