[openssl-users] SSL session resumption from different TLS version

Matt Caswell matt at openssl.org
Mon Aug 1 08:51:21 UTC 2016



On 01/08/16 05:39, Prabhat Puroshottam wrote:
> 
>> IIRC the behaviour is different in the forthcoming OpenSSL 1.1.0. In
>> that version the client does not fix its version to the session version.
>> The client remains version flexible - if the server does not wish to use
>> the same version as was in the session then they can still negotiate a
>> different one and the session simply does not get used.
> 
> 
> 
> Thanks Matt, for that detailed and helpful reply.
> 
> Is it at all possible to merge these changes being done in OpenSSL 1.1.0
> to older version of OpenSSL (as we build and ship our own version of
> OpenSSL)? Or is the nature of changes very complex in nature?

Unfortunately the version negotiation logic (which this change relies
on) has been completely rewritten for 1.1.0 so this would not be
suitable for backporting to 1.0.2.

Matt



More information about the openssl-users mailing list