SSL Session IDs in Konqueror

Ross Vandegrift ross at kallisti.us
Tue Jul 1 22:07:18 BST 2008


Hello,

I've been troubleshotting an issue with Konqueror clients.  I've traced
it back to the manner in which these browers perform SSL.  If this isn't
the right list, please direct me to the right people - I'm not so familiar
with the KDE development structure.


When a client opens an SSLv3 session, it generates an SSL Session ID
as part of the Handshake protocol.  This allows the session to be
resumed for subsequent transactions.  Mozilla and IE both generate a
single SSL Session ID for a single webpage.  This session is resumed
for subsequent requests and elements of the page.

Konqueror doesn't do this.  It seems to generate a new SSL Session ID
for each HTTP transaction.  This is an issue for server-side things
that depend upon the Session ID existing in the session cache (in my
particular case, I'm troubleshooting a web application that uses SSL
Session ID to direct users).


Is this behavior intentional?  Are there options that control it?  I'm
not really an expert on SSLv3, and am new to Konqueror, so if there's
an FM I need to read, let me know!

I am not subscribed to the list, so please CC me with any replies.

-- 
Ross Vandegrift
ross at kallisti.us

"The good Christian should beware of mathematicians, and all those who
make empty prophecies. The danger already exists that the mathematicians
have made a covenant with the devil to darken the spirit and to confine
man in the bonds of Hell."
	--St. Augustine, De Genesi ad Litteram, Book II, xviii, 37




More information about the kfm-devel mailing list