1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00

openssl: don't test default session lifetime value

OpenSSL's default session timeout for TLS v1.0 method is not 300 seconds
but 7200. The TLS v1.0 specification[1] mentions about it as just "An
upper limit of 24 hours is suggested for session ID lifetimes,". And
according to OpenSSL 1.0.2h source comment[2], the value 7200 is decided
just because "the 24 hours mentioned in the TLSv1 spec is way too long
for http, the cache would over fill".

The reason why the default lifetime is set to 300 is maybe an OpenSSL
bug. We always call SSL_CTX_new() with SSLv23_method(), and this set
ssl_ctx->session to 300, the default value for SSLv23_method(). But the
following SSL_set_ssl_method() call does not update it. By the way this
will be fixed in OpenSSL 1.1.0.

[1] https://tools.ietf.org/html/rfc2246#appendix-F.1.4
[2] https://git.openssl.org/?p=openssl.git;a=blob;f=ssl/t1_lib.c;h=dd5bd0050d89f5585c1b06a227eb8221ebf984f1;hb=5dd94f1847c744929a3bd24819f1c99644bb18c7#l193

* test/openssl/test_ssl_session.rb (test_session): remove assertion of
  the default session timeout.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55078 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
rhe 2016-05-20 04:36:03 +00:00
parent c8fd8d3b42
commit c06a990806

View file

@ -55,7 +55,6 @@ tddwpBAEDjcwMzA5NTYzMTU1MzAwpQMCARM=
session = ssl.session
assert(session == OpenSSL::SSL::Session.new(session.to_pem))
assert(session == OpenSSL::SSL::Session.new(ssl))
assert_equal(300, session.timeout)
session.timeout = 5
assert_equal(5, session.timeout)
assert_not_nil(session.time)