SslStream，禁用会话缓存 [英] SslStream, disable session caching

问题描述

的翻译

解决方案

缓存是在SecureChannel内部处理的，SecureChannel是包装SSPI并由SslStream使用的内部类.我看不到任何可用于禁用客户端连接的会话缓存的点.

您可以使用反射清除连接之间的缓存:

  var sslAssembly = Assembly.GetAssembly(typeof(SslStream));var sslSessionCacheClass = sslAssembly.GetType("System.Net.Security.SslSessionsCache");var cachedCredsInfo = sslSessionCacheClass.GetField("s_CachedCreds"，BindingFlags.NonPublic | BindingFlags.Static);var cachedCreds =(Hashtable)cachedCredsInfo.GetValue(null);cachedCreds.Clear(); 

但这是非常糟糕的做法.考虑修复服务器端.

The MSDN documentation says

The Framework caches SSL sessions as they are created and attempts to reuse a cached session for a new request, if possible. When attempting to reuse an SSL session, the Framework uses the first element of ClientCertificates (if there is one), or tries to reuse an anonymous sessions if ClientCertificates is empty.

How can I disable this caching?

At the moment I am experiencing a problem with a reconnect to a server (i.e., the first connection works good, but at attempt to reconnect the servers breaks the session). Restarting the application helps (but of course only for the first connection attempt). I assume the problem root is caching.

I've checked the packets with a sniffer, the difference is at just single place only at Client Hello messages:

First connection to the server (successful):

Second connection attempt (no program restart, failed):

The difference seems to be just the session identifier.

P.S. I'd like to avoid using 3rd-party SSL clients. Is there a reasonable solution?

_{This is a translation of this question from ru.stackoverflow}

解决方案

Caching is handled inside SecureChannel - internal class that wraps SSPI and used by SslStream. I don't see any points inside that you can use to disable session caching for client connections.

You can clear cache between connections using reflection:

var sslAssembly = Assembly.GetAssembly(typeof(SslStream));

var sslSessionCacheClass = sslAssembly.GetType("System.Net.Security.SslSessionsCache");

var cachedCredsInfo = sslSessionCacheClass.GetField("s_CachedCreds", BindingFlags.NonPublic | BindingFlags.Static);
var cachedCreds = (Hashtable)cachedCredsInfo.GetValue(null);

cachedCreds.Clear();

But it's very bad practice. Consider to fix server side.

这篇关于SslStream，禁用会话缓存的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！