Bug 57680 - SSLSessionCacheTimeout has no effect
Summary: SSLSessionCacheTimeout has no effect
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_ssl (show other bugs)
Version: 2.4.6
Hardware: PC Linux
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-03-09 16:52 UTC by Anton Andersen
Modified: 2015-03-09 16:52 UTC (History)
1 user (show)



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Anton Andersen 2015-03-09 16:52:08 UTC
Seems that the value of SSLSessionCacheTimeout set in config is ignored by mod_ssl.

I've tried to set this value to any other than default 300 but TLS session stays in cache exact 300 seconds.
So if I set "SSLSessionCacheTimeout 15" I'll receive "shmcb_subcache_retrieve found no match" message in log after a long 300 seconds.
If I set "SSLSessionCacheTimeout 36000"  I'll receive the same message also after this 300 seconds.

The log for session timeout looks like this:
[Mon Mar 09 19:18:25.486926 2015] [ssl:info] [pid 28162] [client X.X.X.X:XXXXX] AH01964: Connection to child 1 established (server example.com:443)
[Mon Mar 09 19:18:25.488688 2015] [socache_shmcb:debug] [pid 28162] mod_socache_shmcb.c(522): AH00835: socache_shmcb_retrieve (0x7e -> subcache 62)
[Mon Mar 09 19:18:25.488786 2015] [socache_shmcb:debug] [pid 28162] mod_socache_shmcb.c(877): AH00851: shmcb_subcache_retrieve found no match
[Mon Mar 09 19:18:25.488800 2015] [socache_shmcb:debug] [pid 28162] mod_socache_shmcb.c(532): AH00836: leaving socache_shmcb_retrieve successfully
[Mon Mar 09 19:18:25.488888 2015] [ssl:debug] [pid 28162] ssl_engine_kernel.c(1913): [client X.X.X.X:XXXXX] AH02043: SSL virtual host for servername example.com found

The log for session reuse looks like this (Note absence of the socache_shmcb:debug messages):
[Mon Mar 09 19:18:36.403065 2015] [ssl:info] [pid 28163] [client X.X.X.X:XXXXX] AH01964: Connection to child 2 established (server example.com:443)
[Mon Mar 09 19:18:36.404696 2015] [ssl:debug] [pid 28163] ssl_engine_kernel.c(1913): [client X.X.X.X:XXXXX] AH02043: SSL virtual host for servername example.com found


I have
CentOS 7
httpd.x86_64    2.4.6-19.el7.centos
mod_ssl.x86_64  1:2.4.6-19.el7.centos
openssl.x86_64  1:1.0.1e-34.el7_0.7