ssl accept error: [..] session id context uninitialized

when I query a local gmniserv server with gemini client diohsc version, in the browser I get: ! HandshakeFailed Error_EOF when quering a second document after a first successful load of index.gmi gmniserv shows: anamnesis.org / 38ms 228 20 text/gemini SSL accept error: error:140D9115:SSL routines:ssl_get_prev_session:session id context uninitialized

Other gemini clients work fine.

Search results for this error pointed to a TLS 1.3 incompatibility somewhere, either in diohsc or gmniserv. As there was a similar issue with another gemini server (dezhemini) i suspect it is gmnisrv perhaps in combination with my linux distribution (pop_os 21.04) with OpenSSL 1.1.1j 16 Feb 2021. I could not reproduce this issue when browsing with diohsc to my gemini://fsiefken.srht.site - where I assume gmniserv is running as well.

See: https://todo.sr.ht/~rwv/dezhemini/1

And it's solution as rwv relates it:

"the problem occurred when using a client which supports TLS 1.3 "session reuse" aka resumption, causing the second hit on a dʒɛmɪni hosted capsule to fail at the handshake. Apparently I forgot to do a move in the OpenSSL ceremonial dance, namely set the session ID.


Fortunately racket does it for you when calling ssl-set-verify! but I didn't bother with it because I don't want verification because of TOFU. I was wrong and, have to admit, did not RTFM.

racket/openssl/ssl-set-verify! This also seems to fix a similar issue I was having when running dʒɛmɪni on OpenBSD and using the Ariane client for Android, second hit going bad at handshake. Weird thing was: it did not occur on capsules hosted on a GNU/Linux distribution."


With another gemini server - gemserv (rust) - diohsc works ok.

Does gmniserv set the Session ID correctly?

Assigned to
11 months ago
11 months ago
No labels applied.