What do I see?
If I use a TLS client connection that attempts to reuse a previous session, the connection fails and an error is logged.
What do I expect to see?
The connection should succeed whether the server supports session reuse or not.
Environment
Ubuntu bionic
Latest Redis built from source
Steps to reproduce
openssl s_client -connect redis:6379 -reconnect
The first connection succeeds, but the reconnect fails and Redis logs the following error:
# Error accepting a client connection: error:140D9115:SSL routines:ssl_get_prev_session:session id context uninitialized
Fix options
The quick fix is just to disable server session caching completely, but the optimal solution is to implement a functional session cache (performance improvements, blah blah blah).
Comment From: theDogOfPavlov
SSL_CTX_set_session_cache_mode( ctx, SSL_SESS_CACHE_OFF );
Comment From: ham1255
any fix to this?
Comment From: yossigo
@theDogOfPavlov Session caching has been on my list for a long time. Can you please take a look at #7420 and let me know if that works for you?
Note that simply disabling caching on the server side will not get rid of those errors, because clients may still attempt to do resumption.
Comment From: theDogOfPavlov
Checked and I'm getting valid tickets for both TLSv1.2 and TLSv1.3 so all good.
Thanks for the quick turn around on this one!
Comment From: yossigo
@theDogOfPavlov Just to be sure, did you check that with -no_ticket on the client side? Remember that TLS session tickets and session IDs are different beasts. Just trying to make sure everything behaves as expected on various TLS+OpenSSL version combinations. Thanks!
Comment From: theDogOfPavlov
Yup: all the below reuse a TLS session (of one form or another):
openssl s_client -connect 127.0.0.1:6379 -tls1_2 -reconnect
openssl s_client -connect 127.0.0.1:6379 -tls1_3 -reconnect
openssl s_client -connect 127.0.0.1:6379 -tls1_2 -no_ticket -reconnect
openssl s_client -connect 127.0.0.1:6379 -tls1_3 -no_ticket -reconnect
Comment From: yossigo
Fixed by #7420
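
The verification matrix from the thread above can be scripted so each protocol/ticket combination gets a verdict; this is an added example, not part of the original issue or of Redis. It assumes `openssl s_client` prints one `New, ...` or `Reused, ...` line per handshake; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify TLS session resumption from `openssl s_client -reconnect`.

# Read s_client output on stdin and print one verdict:
#   resumed          - at least one reconnect reused the session (ID or ticket)
#   full-handshakes  - reconnects worked, but each was a full handshake
#   reconnect-failed - only the first handshake completed (the bug in this issue)
#   no-handshake     - nothing completed at all
classify_reconnect() {
    awk '
        /^New, /    { n_new++ }
        /^Reused, / { n_reused++ }
        END {
            if (n_new + n_reused == 0) print "no-handshake"
            else if (n_reused > 0)     print "resumed"
            else if (n_new > 1)        print "full-handshakes"
            else                       print "reconnect-failed"
        }'
}

# Run the four combinations checked in the thread against host:port.
check_resumption() {
    target=$1
    for opts in "-tls1_2" "-tls1_3" "-tls1_2 -no_ticket" "-tls1_3 -no_ticket"; do
        # $opts is left unquoted on purpose so it splits into separate flags.
        verdict=$(openssl s_client -connect "$target" $opts -reconnect \
                  </dev/null 2>&1 | classify_reconnect)
        printf '%-20s %s\n' "$opts" "$verdict"
    done
}

# Constructed sample outputs (not captured from a real server).
sample_resumed() {
    printf '%s\n' 'New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384' \
                  'drop connection and then reconnect' \
                  'Reused, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384'
}
sample_failed() {
    printf '%s\n' 'New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384' \
                  'drop connection and then reconnect'
}
sample_no_cache() {
    printf '%s\n' 'New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384' \
                  'drop connection and then reconnect' \
                  'New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384'
}
```

Call `check_resumption 127.0.0.1:6379` against a test instance; `full-handshakes` is still a pass for the expectation stated in the issue, while `reconnect-failed` is the reported behaviour.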