I find that the session IDs are different between the 2 peers (client and server) in the same TLS handshake process. Why should these two values be different? I studied before that when a new session is established the session ID field is empty, but I see this picture.

As you see in the picture, I started a new session by visiting a website.

I captured the traffic between my client and the web server, which supports TLS 1.2.

schroeder
unknown
  • It is not fully clear to me what you are asking. Could you please provide more details with sufficient context which led you to the conclusion that these are different? Also, why do you think they should be the same in the first place? – Steffen Ullrich Sep 19 '21 at 08:31
  • This is also not looking like a security question but a TCP/IP question – schroeder Sep 19 '21 at 09:08
  • The handshake you (partially) show is TLS 1.3 not 1.2; not only does Wireshark show it, but that sequence of handshake messages is impossible in 1.2 or lower. Also you must be providing SSLKEYLOGFILE or similar session-secret file, because otherwise Wireshark can't decrypt even record types in 1.3. 1.3 no longer really uses session-id (there are no sessions to identify) but RFC 8446 4.1.3 _requires_ ServerHello 'legacy' value echo ClientHello (at least if nonempty?) and client check this, so if yours really is different then your implementations are defective. – dave_thompson_085 Sep 21 '21 at 13:40
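
The check described in the last comment (RFC 8446 section 4.1.3), as an added example that is not part of the original thread: it parses raw ClientHello and ServerHello handshake messages and compares their session ID fields. The function names and the messages produced by `build_hello` are constructed for illustration; the TLS 1.2 branch goes beyond the comment and follows RFC 5246, where a server that is not resuming chooses its own session ID.

```python
import struct

TLS13, EXT_SUPPORTED_VERSIONS = 0x0304, 43

def parse_hello(msg: bytes) -> dict:
    """Parse a ClientHello (type 1) or ServerHello (type 2) handshake message."""
    msg_type, length = msg[0], int.from_bytes(msg[1:4], "big")
    if msg_type not in (1, 2) or length != len(msg) - 4:
        raise ValueError("not a complete ClientHello/ServerHello")
    body, pos = msg[4:], 2 + 32            # skip legacy_version and random
    sid_len = body[pos]
    if sid_len > 32:
        raise ValueError("session id longer than 32 bytes")
    session_id = body[pos + 1 : pos + 1 + sid_len]
    pos += 1 + sid_len
    if msg_type == 1:                      # cipher_suites<2..>, compression_methods<1..>
        pos += 2 + int.from_bytes(body[pos:pos + 2], "big")
        pos += 1 + body[pos]
    else:                                  # one cipher_suite, one compression_method
        pos += 3
    versions = set()
    if pos < len(body):                    # extensions block present
        end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            data = body[pos + 4 : pos + 4 + ext_len]
            pos += 4 + ext_len
            if ext_type == EXT_SUPPORTED_VERSIONS:
                data = data[1:] if msg_type == 1 else data   # client sends a length-prefixed list
                versions = {int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data) - 1, 2)}
    return {"type": msg_type, "session_id": session_id, "versions": versions}

def check_session_id(client_hello: bytes, server_hello: bytes) -> str:
    ch, sh = parse_hello(client_hello), parse_hello(server_hello)
    same = ch["session_id"] == sh["session_id"]
    if TLS13 in sh["versions"]:            # server selected TLS 1.3: field must be an echo
        return "tls13-echo-ok" if same else "tls13-echo-mismatch"
    # TLS 1.2 and lower: equal non-empty IDs mean resumption, otherwise a new session
    return "tls12-resumed" if same and ch["session_id"] else "tls12-new-session"

def build_hello(msg_type: int, sid: bytes, tls13: bool) -> bytes:
    """Constructed sample message (zero random, one cipher suite) for testing only."""
    body = b"\x03\x03" + bytes(32) + bytes([len(sid)]) + sid
    body += b"\x00\x02\x13\x01\x01\x00" if msg_type == 1 else b"\x13\x01\x00"
    sv = b"\x02\x03\x04" if msg_type == 1 else b"\x03\x04"
    ext = struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(sv)) + sv if tls13 else b""
    body += struct.pack("!H", len(ext)) + ext
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body
```

To run it against a real capture, pass the handshake message bytes (without the 5-byte record header) exported from the decrypted trace.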

0 Answers