Hi I have a twisted service, which uses TLS and I seeing some odd behaviour. New connections are accepted fine, but if a client tries to re-use a TLS session id with a new connection, the services rejects the connection. Poking at the TLS module I added the following line to help me figure out what was wrong: @@ -363,11 +365,13 @@ except ZeroReturnError: # TLS has shut down and no more TLS data will be received over # this connection. self._shutdownTLS() # Passing in None means the user protocol's connnectionLost # will get called with reason from underlying transport: self._tlsShutdownFinished(None) except Error as e: + log.msg('_flushReceiveBIO Error: %s' % str(e), system='protocols.TLS') # Something went pretty wrong. For example, this might be a # handshake failure (because there were no shared ciphers, because # a certificate failed to verify, etc). TLS can no longer proceed. (I think the above patch would be a nice addition to twisted as figuring out what goes wrong in the TLS stack is currently quite difficult). This gives me the following: 2014-04-30 15:02:08+0200 [protocols.TLS] _flushReceiveBIO Error: [('SSL routines', 'SSL_GET_PREV_SESSION', 'session id context uninitialized')] I am using the same (cached) context for all incoming connections. Using openssl s_client -connect host:port I can see that the service returns a session id and master key. If I disable session cache with: ctx.set_session_cache_mode(SSL.SESS_CACHE_OFF) The s_client command still returns session-id and master-key. Which is rather unexpected. (I am not using the CertificateOptions class, just SSL.Context) Code for context creation can be seen here: https://github.com/NORDUnet/opennsa/blob/master/opennsa/ctxfactory.py Without the disabling of session id. Any idea to what I am doing wrong here? This is with openssl 1.0.1-4ubuntu5.12, pyOpenSSL 14.1 and Twisted 13.1 regards, Henrik