Session resumption with session IDs TLS1.2
Hello community, I'm an embedded systems developer and we have a ressource constraint IOT device which is using TLS1.2. When we use https:// to access the internal website of the device, Firefox does a complete TLS handshake for each asset to download which renders https:// almost unusable. This happens despite session resumption using session IDs is offered by the device. When accessing the device with Chrome or Edge there's only one handshake and all the following TLS sessions are resumed with the ID of the first handshake. In Firefox security.ssl.disable_session_identifiers is set to false.
Is it intended behaviour that Firefox ignores session IDs for TLS1.2?
Used Firefox version: 142.0 (64-Bit) Windows 11
Thanks in advance.
Johannes
All Replies (3)
I faced a similar issue before. What worked for me was clearing the SSL cache and restarting Firefox. You can also try creating a fresh profile or disabling add-ons temporarily to see if one of them is interfering. Sometimes switching the TLS setting from session IDs to session tickets also helps.
johncarter0462 said
I faced a similar issue before. What worked for me was clearing the SSL cache and restarting Firefox. You can also try creating a fresh profile or disabling add-ons temporarily to see if one of them is interfering. Sometimes switching the TLS setting from session IDs to session tickets also helps.
Thank you for your response. I just tried a clean install of firefox, and still have the same behaviour. Using Tickets doesn't help either, because Firefox reuses a ticket only once, and I can't provide more than one ticket per connection.
Regards, Johannes
This seems to be a known defect: https://bugzilla.mozilla.org/show_bug.cgi?id=1740071
Before I found the above bug report I filed my own one: https://bugzilla.mozilla.org/show_bug.cgi?id=1984828
Regards, Johannes
You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.