[openssl-users] How to disable SSL session resumption completelly?
Andrey Kulikov
amdeich at gmail.com
Mon Sep 12 14:35:06 UTC 2016
Hello,
I'm using OpenSSL 1.0.2g
In my client I would like to disable SSL session resumption completely (for
test purposes).
I do prior to connection, after creating SSL_CTX:
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET);
But what I saw in traffic capture - is that my client always do session
reuse with sending non-empty session ID. And server does accept it.
How can I disable SSL session resumption completely?
More expanded code snippet:
SSL_CTX *ctx = NULL;
ctx = SSL_CTX_new(SSLv23_client_method()))
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET);
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
SSL_CTX_set_verify_depth(ctx, 0);
SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
Am I doing anything wrong? Any required steps are missing?
With best regards,
Andrey
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160912/804d49a4/attachment.html>
More information about the openssl-users
mailing list