﻿id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
1674	SSL session ID is not reused when other server disable session cache	ruoshan@…		"The following command failed to reuse the SSL session ID when nginx is configured as follows.

{{{
openssl s_client -connect 127.0.0.1:8443 -no_ticket -servername ""two.test.me"" -reconnect
}}}

Corresponding nginx conf:

{{{
daemon off;
master_process off;

events {
    worker_connections 1024;
}

http {
    server {
        listen 8443 ssl;
        server_name one.test.me;

        #ssl_session_cache shared:my_cache:10m;
        ssl_certificate ./certs/cert-wild.pem;
        ssl_certificate_key ./certs/key-wild.pem;
        ssl_session_timeout  5m;

        location / {
            return 201;
        }
    }

    server {
        listen 8443 ssl;
        server_name two.test.me;

        ssl_session_cache shared:my_cache:10m;
        ssl_certificate ./certs/cert-wild.pem;
        ssl_certificate_key ./certs/key-wild.pem;
        ssl_session_timeout  5m;

        location / {
            return 202;
        }
    }
}
}}}

The ""bug"" causing this seems to be in `ngx_http_ssl_servername`.
That func didn't update the `c->ssl->connection->session_ctx` to the right one after we have the SNI info. It still uses the ""first"" SSL session CTX of the first server block.

Maybe it should be fixed in OpenSSL."	defect	closed	minor		other	1.15.x	invalid				"nginx version: nginx/1.15.6
built by clang 10.0.0 (clang-1000.11.45.5)
built with OpenSSL 1.0.2p  14 Aug 2018
TLS SNI support enabled
configure arguments: --prefix=/usr/local/Cellar/nginx/1.15.6 --sbin-path=/usr/local/Cellar/nginx/1.15.6/bin/nginx --with-cc-opt='-I/usr/local/opt/pcre/include -I/usr/local/opt/openssl/include' --with-ld-opt='-L/usr/local/opt/pcre/lib -L/usr/local/opt/openssl/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --pid-path=/usr/local/var/run/nginx.pid --lock-path=/usr/local/var/run/nginx.lock --http-client-body-temp-path=/usr/local/var/run/nginx/client_body_temp --http-proxy-temp-path=/usr/local/var/run/nginx/proxy_temp --http-fastcgi-temp-path=/usr/local/var/run/nginx/fastcgi_temp --http-uwsgi-temp-path=/usr/local/var/run/nginx/uwsgi_temp --http-scgi-temp-path=/usr/local/var/run/nginx/scgi_temp --http-log-path=/usr/local/var/log/nginx/access.log --error-log-path=/usr/local/var/log/nginx/error.log --with-debug --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_degradation_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-ipv6 --with-mail --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module"
