问题
Hey everyone just a quick question.
Lets say I am connected to a server with a SSL connection. Now say while I am connected the Certificate expires. Will the connection close or is nothing going to happen at all?
I would think that nothing will happen at all but I'm not 100 % sure.
回答1:
It depends on the client implementation.
However, the connection will likely remain active as the validity of the certificate is checked during the TLS/SSL handshake, which happens once at the beginning of the session when the connection is opened.
回答2:
To extend the other answers: the certificate will only be checked within a full handshake. Usually at most one full handshake is done per TCP connection (at the beginning) but with renegotiation another full handshake might be done.
But with session resumption only the first TCP connection in the SSL session will do a full handshake. This means that it will not detect a changed or expired certificate even when establishing a new TCP connection as long as an existing SSL session is resumed inside this TCP connection.
回答3:
The certificate will be checked once for validity at the beginning of the connection, and again during the connection (or a subsequent on sharing the same session) if either side requests a full handshake, which is usually only done to escalate the cipher suites, request a client certificate, etc.
来源:https://stackoverflow.com/questions/36177075/ssl-certificate-expires-while-connected