Closed
Bug 1273677
Opened 9 years ago
Closed 9 years ago
TLSServerSocket doesn't properly set up the session cache
Categories
(Core :: Networking, defect)
Core
Networking
Tracking
()
People
(Reporter: keeler, Assigned: keeler)
References
Details
(Whiteboard: [ft:conndevices][necko-active])
Attachments
(1 file)
|
58 bytes,
text/x-review-board-request
|
mcmanus
:
review+
jocheng
:
approval-mozilla-b2g48+
|
Details |
TLSServerSocket (implementation of nsITLSServerSocket) doesn't set up the session cache, which is a problem as the cache defaults to being enabled. This issue can be exposed by running a server and having a client attempt to connect to it more than once.
|
Assignee | |
Comment 1•9 years ago
|
||
Review commit: https://reviewboard.mozilla.org/r/53352/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/53352/
Attachment #8753565 -
Flags: review?(mcmanus)
Blocks: flyweb
|
||
Updated•9 years ago
|
Attachment #8753565 -
Flags: review?(mcmanus) → review+
|
|
||
Comment 2•9 years ago
|
||
Comment on attachment 8753565 [details]
MozReview Request: bug 1273677 - ensure session cache is properly configured and torn down for TLSServerSocket r?mcmanus
https://reviewboard.mozilla.org/r/53352/#review50368
|
|
||
Updated•9 years ago
|
Whiteboard: [necko-active]
|
|
Assignee | |
Comment 3•9 years ago
|
||
Comment on attachment 8753565 [details]
MozReview Request: bug 1273677 - ensure session cache is properly configured and torn down for TLSServerSocket r?mcmanus
Review request updated; see interdiff: https://reviewboard.mozilla.org/r/53352/diff/1-2/
|
|
Assignee | |
Comment 4•9 years ago
|
||
Thanks for the review. I forgot to add SSL_ShutdownServerSessionIDCache to nss.symbols, and I decreased the maximum cache size from 10000 (the default) to 1000 to save a bit of memory. Here's the try run:
https://treeherder.mozilla.org/#/jobs?repo=try&revision=5124406b3a4c
This caused valgrind leaks like https://treeherder.mozilla.org/logviewer.html#?job_id=28298947&repo=mozilla-inbound
Backed out in https://hg.mozilla.org/integration/mozilla-inbound/rev/7c847046bb5e
Flags: needinfo?(dkeeler)
Just for the record, this also leaked outside of valgrind jobs: https://treeherder.mozilla.org/logviewer.html#?job_id=28310651&repo=mozilla-inbound
|
|
||
Comment 8•9 years ago
|
||
https://reviewboard.mozilla.org/r/53352/#review51074
::: security/manager/ssl/nsNSSComponent.cpp:1604
(Diff revision 2)
> + // TLSServerSocket may be run with the session cache enabled. It is necessary
> + // to call this once before that can happen. This specifies a maximum of 1000
> + // cache entries (the default number of cache entries is 10000, which seems a
> + // little excessive as there probably won't be that many clients connecting to
> + // any TLSServerSockets the browser runs.)
> + SSL_ConfigServerSessionIDCache(1000, 0, 0, nullptr);
Drive by since this got backed out: the return value should probably be checked or explicitly ignored.
::: security/manager/ssl/nsNSSComponent.cpp:1658
(Diff revision 2)
> ShutdownSmartCardThreads();
> #endif
> SSL_ClearSessionCache();
> + // TLSServerSocket may be run with the session cache enabled. This ensures
> + // those resources are cleaned up.
> + SSL_ShutdownServerSessionIDCache();
Same here.
|
|
Assignee | |
Comment 9•9 years ago
|
||
It looks like SSL_ConfigServerSessionIDCache has to occur before all calls to SSL_ClearSessionCache. This should do it:
https://treeherder.mozilla.org/#/jobs?repo=try&revision=19df616e6738
Flags: needinfo?(dkeeler)
|
|
Assignee | |
Comment 10•9 years ago
|
||
Comment on attachment 8753565 [details]
MozReview Request: bug 1273677 - ensure session cache is properly configured and torn down for TLSServerSocket r?mcmanus
Review request updated; see interdiff: https://reviewboard.mozilla.org/r/53352/diff/2-3/
|
|
Assignee | |
Comment 11•9 years ago
|
||
https://reviewboard.mozilla.org/r/53352/#review51074
> Drive by since this got backed out: the return value should probably be checked or explicitly ignored.
Good call.
|
||
Comment 12•9 years ago
|
||
|
||
Comment 13•9 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla49
|
||
Comment 14•9 years ago
|
||
Comment on attachment 8753565 [details]
MozReview Request: bug 1273677 - ensure session cache is properly configured and torn down for TLSServerSocket r?mcmanus
NOTE: Please see https://wiki.mozilla.org/Release_Management/B2G_Landing to better understand the B2G approval process and landings.
[Approval Request Comment]
Bug caused by (feature/regressing bug #): 1273677
User impact if declined: tls reconnection speed will be a little bit slow
Testing completed: self-tested
Risk to taking this patch (and alternatives if risky): low
String or UUID changes made by this patch: N/A
Flags: needinfo?(xeonchen)
Attachment #8753565 -
Flags: approval-mozilla-b2g48?
|
||
Comment 15•8 years ago
|
||
please ni me again after approval to make sure I can see this in time.
Flags: needinfo?(xeonchen)
|
||
Comment 16•8 years ago
|
||
Comment on attachment 8753565 [details]
MozReview Request: bug 1273677 - ensure session cache is properly configured and torn down for TLSServerSocket r?mcmanus
Approve for TV 2.6
Attachment #8753565 -
Flags: approval-mozilla-b2g48? → approval-mozilla-b2g48+
|
|
||
Updated•8 years ago
|
blocking-b2g: --- → 2.6+
Whiteboard: [necko-active] → [ft:conndevices][necko-active]
|
|
||
Comment 17•8 years ago
|
||
status-b2g-v2.6:
--- → fixed
You need to log in
before you can comment on or make changes to this bug.
Description
•