I have been trying out SSL session reuse on iOS, Java desktop and Android. iOS appears to try to reuse SSL sessions (but not all the time). Java appears to always reuse sessions as long as you pass the hostname/port when you create an SSLEngine.

When I get to Android I have some problems. The code which I used to test Java SSL session reuse (create a connection, send a couple of messages, drop the connection and wait one second, repeat) didn't work properly at all on Froyo, and worked in the Gingerbread emulator but didn't reuse sessions.

I then looked a little deeper into the Android code and I see there is an alternate method of storing SSL sessions using the SSLSessionCache/SSLCertificateSocketFactory which are used by the AndroidHttpClient. So I set up a test to use the AndroidHttpClient which made multiple requests over multiple connections to an Apache server (which I know supports SSL session reuse), and it still didn't reuse sessions in Froyo or in Gingerbread.

If anyone has been able to get this working and could show some sample Android client code, it would be much appreciated. I am considering creating a bug report for Android, but I just want to make sure I am not missing something obvious here.

Gareth
  • Are you sniffing with Wireshark (or equivalent) to make certain you know which side is refusing to reuse a session? – President James K. Polk Jan 08 '11 at 00:45
  • I am using Wireshark to verify session reuse. The Android client is not setting the session ID in the Client handshake (which I see being set by J2SE and iOS clients), thus the SSL session cannot be reused. – Gareth Jan 08 '11 at 01:03

0 Answers