From 24339b04d8c17770e21f8bd303e86fcad85713a2 Mon Sep 17 00:00:00 2001
From: Christos Tsantilas <chtsanti@users.sourceforge.net>
Date: Sun, 17 Apr 2016 22:43:27 +1200
Subject: [PATCH] Handshake Error: ccs received early

Some servers cause an SSL handshake error with peek and splice.
The problem is related to the TLS Session Tickets extension handling. Squid
expects always a TLS Session Tickets extension, included in server hello
message, to assume that the ticket accepted and the session is a resumed
session, which is not always true.

This is a Measurement Factory project
---
 src/ssl/bio.cc | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/ssl/bio.cc b/src/ssl/bio.cc
index 86b455c5b4..f502189a80 100644
--- a/src/ssl/bio.cc
+++ b/src/ssl/bio.cc
@@ -515,9 +515,7 @@ Ssl::ServerBio::resumingSession()
         return clientFeatures.sessionId == serverFeatures.sessionId;
 
     // is this a session resuming attempt using TLS tickets?
-    if (clientFeatures.hasTlsTicket &&
-            serverFeatures.tlsTicketsExtension &&
-            serverFeatures.hasCcsOrNst)
+    if (clientFeatures.hasTlsTicket && receivedHelloFeatures_.hasCcsOrNst)
         return true;
 
     return false;
-- 
2.47.2