From: Christos Tsantilas <chtsanti@users.sourceforge.net>
Date: Sun, 17 Apr 2016 10:43:27 +0000 (+1200)
Subject: Handshake Error: ccs received early
X-Git-Tag: SQUID_3_5_17~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=24339b04d8c17770e21f8bd303e86fcad85713a2;p=thirdparty%2Fsquid.git

Handshake Error: ccs received early

Some servers cause an SSL handshake error with peek and splice.
The problem is related to the TLS Session Tickets extension handling. Squid
expects always a TLS Session Tickets extension, included in server hello
message, to assume that the ticket accepted and the session is a resumed
session, which is not always true.

This is a Measurement Factory project
---

diff --git a/src/ssl/bio.cc b/src/ssl/bio.cc
index 86b455c5b4..f502189a80 100644
--- a/src/ssl/bio.cc
+++ b/src/ssl/bio.cc
@@ -515,9 +515,7 @@ Ssl::ServerBio::resumingSession()
         return clientFeatures.sessionId == serverFeatures.sessionId;
 
     // is this a session resuming attempt using TLS tickets?
-    if (clientFeatures.hasTlsTicket &&
-            serverFeatures.tlsTicketsExtension &&
-            serverFeatures.hasCcsOrNst)
+    if (clientFeatures.hasTlsTicket && receivedHelloFeatures_.hasCcsOrNst)
         return true;
 
     return false;