From: Christos Tsantilas <chtsanti@users.sourceforge.net>
Date: Thu, 14 Apr 2016 17:31:46 +0000 (+0300)
Subject: Handshake Error: ccs received early
X-Git-Tag: SQUID_4_0_9~8
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=195f33bb06b63df0de9ceddae750d067be7928b9;p=thirdparty%2Fsquid.git

Handshake Error: ccs received early

Some servers cause an SSL handshake error with peek and splice.
The problem is related to the TLS Session Tickets extension handling. Squid
expects always a Tls Session Tickets extension, included in server hello
message, to assume that the ticket accepted and the session is a resumed
session, which is not always true.

This is a Measurement Factory project
---

diff --git a/src/ssl/bio.cc b/src/ssl/bio.cc
index 55e49fc07c..034661fbc7 100644
--- a/src/ssl/bio.cc
+++ b/src/ssl/bio.cc
@@ -518,9 +518,7 @@ Ssl::ServerBio::resumingSession()
         return clientFeatures.sessionId == receivedHelloFeatures_.sessionId;
 
     // is this a session resuming attempt using TLS tickets?
-    if (clientFeatures.hasTlsTicket &&
-            receivedHelloFeatures_.tlsTicketsExtension &&
-            receivedHelloFeatures_.hasCcsOrNst)
+    if (clientFeatures.hasTlsTicket && receivedHelloFeatures_.hasCcsOrNst)
         return true;
 
     return false;