Description
When initialising an SSLContext there is a call to SSL_CTX_set_session_id_context():

```c
#define SID_CTX "Python"
SSL_CTX_set_session_id_context(self->ctx, (const unsigned char *) SID_CTX,
                               sizeof(SID_CTX));
#undef SID_CTX
```

The OpenSSL man pages state that SSL_CTX_set_session_id_context is a "server side only" operation:
https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_session_id_context.html
SSL_CTX_set_session_id_context, SSL_set_session_id_context - set context within which session can be reused (server side only)
The session id context becomes part of the session. The session id context is set by the SSL/TLS server. The SSL_CTX_set_session_id_context() and SSL_set_session_id_context() functions are therefore only useful on the server side.
In some circumstances, calling this on a client side socket can result in unexpected behavior. For example, TLSv1.3 PSK: #103181 (comment)
The fix for this was originally part of another PR (#103181); @gpshead recommended creating a separate issue/PR.