-
Samuel Chiang authored
The SSL SESSION files we were originally testing against use DHE and SSLv3. AWS-LC happens to have no support for either and we have newer possible alternatives available, so I've updated the respective files to use ECDHE-RSA-AES256-SHA with TLS 1.1 and 1.2. I've verified that these work as expected with all libcryptos we support. There are also a few SSL session discrepencies in AWS-LC when compared to OpenSSL. 1. AWS-LC has no support for internal session caching on the client-end. 2. AWS-LC supports internal session caching on the server, but SSL_get1_session does not return a resumable session with TLS 1.3 in AWS-LC. Users have to use the SSL_CTX_sess_set_new_cb (ctx.session_new_cb in Ruby) to retrieve the resumable session ticket. 3. AWS-LC has no current support for external session caching in TLS 1.3. https://github.com/ruby/openssl/commit/ca384b8e2f
Samuel Chiang authoredThe SSL SESSION files we were originally testing against use DHE and SSLv3. AWS-LC happens to have no support for either and we have newer possible alternatives available, so I've updated the respective files to use ECDHE-RSA-AES256-SHA with TLS 1.1 and 1.2. I've verified that these work as expected with all libcryptos we support. There are also a few SSL session discrepencies in AWS-LC when compared to OpenSSL. 1. AWS-LC has no support for internal session caching on the client-end. 2. AWS-LC supports internal session caching on the server, but SSL_get1_session does not return a resumable session with TLS 1.3 in AWS-LC. Users have to use the SSL_CTX_sess_set_new_cb (ctx.session_new_cb in Ruby) to retrieve the resumable session ticket. 3. AWS-LC has no current support for external session caching in TLS 1.3. https://github.com/ruby/openssl/commit/ca384b8e2f
Loading