View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0008766 | Compliance Test Tool (CTT) Unified Architecture | 1 - Script Issue | public | 2023-03-31 08:40 | 2023-09-27 13:20 |
| Reporter | Thomas Kugler | Assigned To | Paul Hunkar | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | assigned | Resolution | open | ||
| Summary | 0008766: SecureChannel cleanup | ||||
| Description | DOS attack tests, e.g. Security > Security None > 007.js | ||||
| Tags | No tags attached. | ||||
| Files Affected | |||||
|
|
We don't think this is allowed, but we want to better understand what you are asking for. Any channel can timeout and thus go away, but this test case is looking for what happens when no more secure channels are available, in which case the server is suppose to close the oldest secure channel that does not have a session on it. The last created secure channel should be available for creating a session, why are you closing the newest secure channel? |
|
|
The unused secure channels are closed after a timeout. In the test this can happen (depending on the timing) also for the last unused secure channel. |
|
|
Since our DoS tests results haven't changed with the new CTT version (1.04.11), we would like to ask for a better description what is the expected behavior for secure channels in these tests. "When creating a valid/real SecureChannel, prior [unused] channels should be clobbered." |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2023-03-31 08:40 | Thomas Kugler | New Issue | |
| 2023-04-13 15:24 | Paul Hunkar | Assigned To | => Paul Hunkar |
| 2023-04-13 15:24 | Paul Hunkar | Status | new => feedback |
| 2023-04-13 15:24 | Paul Hunkar | Note Added: 0019174 | |
| 2023-05-19 16:53 | Thomas Kugler | Note Added: 0019422 | |
| 2023-05-19 16:53 | Thomas Kugler | Status | feedback => assigned |
| 2023-09-27 13:20 | Maximilian | Note Added: 0020061 |
