openssl has a debug client called s_client, which in turn has a flag named -reconnect. That flag, according to the man page, "Reconnects to the same server 5 times using the same session ID, this can be used as a test that session caching is working".
Session caching is not supposed to be working on Skupper. However, after running a test with that flag, any ensuing connections time out.
This is possibly a router issue (should this be moved there?), but the steps to reproduce use skupper.
How to reproduce
$ skupper init
$ k create -f /tmp/ssl-server.yaml
$ skupper expose --enable-tls --port 8443 deployment/ssl-server
$ k exec -ti deployment/ssl-server -- openssl s_client -connect ssl-server:8443 # works; try it a few times
$ k exec -ti deployment/ssl-server -- openssl s_client -connect ssl-server:8443 -reconnect # doesn't work anymore
$ k exec -ti deployment/ssl-server -- openssl s_client -connect ssl-server:8443 # new connection, and it does not work anymore
Here, 'works' means that the server responds to any inputs with the reversed input (ie, typing asdf and hitting enter immediatelly gets a response of fdsa). 'Doesn't work', in turn, means that no response is ever sent, even if the openssl s_client output shows a successful TLS connection.
Description
openssl
has a debug client calleds_client
, which in turn has a flag named-reconnect
. That flag, according to the man page, "Reconnects to the same server 5 times using the same session ID, this can be used as a test that session caching is working".Session caching is not supposed to be working on Skupper. However, after running a test with that flag, any ensuing connections time out.
This is possibly a router issue (should this be moved there?), but the steps to reproduce use
skupper
.How to reproduce
Here, 'works' means that the server responds to any inputs with the reversed input (ie, typing
asdf
and hitting enter immediatelly gets a response offdsa
). 'Doesn't work', in turn, means that no response is ever sent, even if theopenssl s_client
output shows a successful TLS connection.ssl-server.yaml
contents:Alternative setup, imperative, using Openshift's
oc
to add the volumes.