Reusing TLS sessions causes socket.servername to be false, with repro #57175

Open
@ackava

Description

Version

22

Platform

All Platforms

Subsystem

TLS

What steps will reproduce the bug?

There was already an issue for this that is closed (#28985). I could not reopen that issue, but I have a confirmed repro sample showing it is still an issue.

The following repository contains the code to reproduce the issue.
https://github.com/ackava/node-tls-servername-false

How often does it reproduce? Is there a required condition?

The issue occurs with the .NET HTTP client. .NET now has widespread usage and a variety of services connect to web servers hosted on Node, and the specific TLS session reuse from HttpClient in .NET causes this bug.

To isolate the bug, I have separated the TLS and HTTP1 layers. I now have an application in which I am offloading TLS in a Node cluster and forwarding connections to the appropriate virtual hosts (every host has a separate application and a separate SSL certificate).

What is the expected behavior? Why is that the expected behavior?

TLSSocket's servername should be the SNI host.

What do you see instead?

When a TLS session is resumed, servername is false.

Additional information

As a workaround, I was storing the servername along with sessions for up to 900 seconds, as sessions would not be reused after that. However, it seems TLS sessions are reused beyond 900 seconds, so this might be a separate bug.

Possible Solutions

There is an easy way to fix this: saving the SNI host in the session buffer for session resumption would fix the issue.
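
The workaround described under Additional information, as an added JavaScript example (not code from the issue author or from Node.js): a servername cache keyed by TLS session id with the 900-second lifetime, including the case where a resumption arrives after the entry has expired. The class and method names are hypothetical, and it assumes the caller can supply the session id and the SNI host after a full handshake.

```javascript
// Added example, not Node.js or issue-author code. All names are hypothetical.
const SESSION_TTL_MS = 900 * 1000; // the 900-second window from the issue
class SessionServernameStore {
  constructor(ttlMs = SESSION_TTL_MS, now = () => Date.now()) {
    this.ttlMs = ttlMs;
    this.now = now; // injectable clock so expiry can be exercised offline
    this.entries = new Map(); // hex(session id) -> { servername, expires }
  }

  // Call after a full handshake, when the SNI host is still available.
  remember(sessionId, servername) {
    // Never cache the `false` a resumed socket reports: it would poison the entry.
    if (typeof servername !== 'string' || servername === '') return false;
    this.entries.set(sessionId.toString('hex'), {
      servername: servername.toLowerCase(),
      expires: this.now() + this.ttlMs,
    });
    return true;
  }

  // Prefer the socket's own value; fall back to the cache only when resumption
  // left it empty. Returns null when the host is unknown, so the caller can
  // decline to route instead of guessing a default virtual host.
  resolve(socketServername, sessionId) {
    if (typeof socketServername === 'string' && socketServername !== '') {
      return socketServername.toLowerCase();
    }
    if (!sessionId) return null;
    const key = sessionId.toString('hex');
    const entry = this.entries.get(key);
    if (!entry) return null;
    if (entry.expires <= this.now()) {
      this.entries.delete(key); // expired entry, yet the session was still resumed
      return null;
    }
    return entry.servername;
  }
}

// Constructed demo: one session id, a full handshake, then two resumptions.
function demo() {
  let clock = 0;
  const store = new SessionServernameStore(SESSION_TTL_MS, () => clock);
  const id = Buffer.from('a1b2c3d4', 'hex'); // constructed session id
  store.remember(id, 'App1.example.test');
  const early = store.resolve(false, id); // resumed within the window
  clock = SESSION_TTL_MS + 1;
  const late = store.resolve(false, id); // resumed after the window
  return { early, late };
}
```
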
