Handshake Error: ccs received early

Some servers cause an SSL handshake error with peek and splice.
The problem is related to the TLS Session Tickets extension handling. Squid
expects always a Tls Session Tickets extension, included in server hello
message, to assume that the ticket accepted and the session is a resumed
session, which is not always true.

This is a Measurement Factory project

diff --git a/src/ssl/bio.cc b/src/ssl/bio.cc
index 55e49fc07cf0644f793a49f4b4c0cd5136d3df89..034661fbc7fda29f3e596ecd846ab72b9aa27d31 100644 (file)
--- a/src/ssl/bio.cc
+++ b/src/ssl/bio.cc
@@ -518,9 +518,7 @@ Ssl::ServerBio::resumingSession()
         return clientFeatures.sessionId == receivedHelloFeatures_.sessionId;
 
     // is this a session resuming attempt using TLS tickets?
-    if (clientFeatures.hasTlsTicket &&
-            receivedHelloFeatures_.tlsTicketsExtension &&
-            receivedHelloFeatures_.hasCcsOrNst)
+    if (clientFeatures.hasTlsTicket && receivedHelloFeatures_.hasCcsOrNst)
         return true;
 
     return false;