Opened 6 years ago
Closed 6 years ago
#1628 closed defect (invalid)
$ssl_session_id is not set when client connected via MSIE11
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | major | Milestone: | |
Component: | nginx-module | Version: | 1.14.x |
Keywords: | ssl | Cc: | |
uname -a: | Linux 20dc721b8293 4.9.93-boot2docker #1 SMP Thu Jul 19 18:29:50 UTC 2018 x86_64 Linux | ||
nginx -V: | nginx/1.14.0 |
Description
$ssl_session_id
is not set when client connected via MSIE11
Steps:
1) Create self-signed certificate and key
2) Appropriately configure NGINX to use newly created key and certificate
3) Configure nginx to proxy dynamic to PHP-FPM with additional parameter:
fastcgi_param X-SSL-Session-Id $ssl_session_id;
4) Open phpinfo page from Firefox browser - as result we see correct behavior:
$_ENV['X-SSL-Session-Id'] 9b3985b6f41dc77b46c5d23fdebd12525041c8475036ebd7607d9ba927701aec
5) Open the same page in IE11 - as result we see empty $_ENV['X-SSL-Session-Id']
even after page refresh
Change History (4)
comment:1 by , 6 years ago
comment:3 by , 6 years ago
Sorry, nginx version is not depended. The following setting solves the issue:
ssl_session_tickets off;
comment:4 by , 6 years ago
Resolution: | → invalid |
---|---|
Status: | new → closed |
The $ssl_session_id
variable represents SSL session id. It can be available or not depending on the configuration and the client behaviour, in particular:
- It is not available when not using neither SSL session cache nor session tickets.
- When using session tickets, it is not available during the initial connection. When a session is reused, it is the client responsibility to choose a session id, and it can be either available or not depending on the client behaviour, see RFC 5077.
Don't expect that $ssl_session_id
is always available, it is not. Moreover, note that session id can be arbitrary selected by the client when using session tickets, and should be handled accordingly.
The same wrong behavior in MS Edge browser