[openssl-users] Session Ticket Support in Openssl TLS 1.2
Neetish Pathak
npathak2 at ncsu.edu
Sat Jun 10 00:54:26 UTC 2017
Thanks Matt
On Thu, Jun 8, 2017 at 3:45 PM, Matt Caswell <matt at openssl.org> wrote:
>
>
> On 08/06/17 23:12, Neetish Pathak wrote:
> > Thanks.
> > I had one query regarding the TLS 1.3 implementation on server side. I
> > have a simple client server program with session resumption working with
> > TLS 1.2.
> > When I use TLS 1.3, I see that server hello message has a malformed
> > packet.
>
> How do you know it is malformed? The format of the ServerHello message
> has changed in TLSv1.3, so if you expect it to look like a TLSv1.2
> ServerHello then you will be surprised.
>
*I know the ServerHello is malformed from the WIRESHARK LOGS. It shows an
exception for the ServerHello with malformed packet message.*
>
> > Though the SSL handshake is successful. I am not observing
> > session resumption.
> > I want to know what causes server hello to have a malformed packet.
> > Also, is any extra configuration required for TLS 1.3 ?
> > I am assuming TLS 1.3 can also use session Ids/ tickets for session
> > resumption.
>
> You probably want to read this blog post:
>
> https://www.openssl.org/blog/blog/2017/05/04/tlsv1.3/
>
> *This blogpost is highly useful. Thanks for directing me here. I
am following the guidelines.*
> Session ids are not used in TLSv1.3 and session tickets work very
> differently. Session resumption should work just fine but there are some
> things to be aware of (discussed in the blog post).
>
> Matt
>
>
> >
> > Thanks
> > Best Regards,
> > Neetish
> >
> > On Thu, Jun 8, 2017 at 1:47 AM, Matt Caswell <matt at openssl.org
> > <mailto:matt at openssl.org>> wrote:
> >
> >
> >
> > On 08/06/17 01:26, Neetish Pathak wrote:
> > > Hello All,
> > >
> > > I am new to the Openssl community.
> > > I am using the latest version of Openssl (with TLS 1.3 enabled) for
> > > performance benchmarking. I wanted to know if the session ticket
> support
> > > for session resumption enabled;ed by default for OpenSSL TLS v 1.2
> or it
> > > needs to be explicitly enabled?
> >
> > It is on by default.
> >
> > Matt
> >
> > --
> > openssl-users mailing list
> > To unsubscribe:
> > https://mta.openssl.org/mailman/listinfo/openssl-users
> > <https://mta.openssl.org/mailman/listinfo/openssl-users>
> >
> >
> >
> >
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170609/516a28d5/attachment-0001.html>
More information about the openssl-users
mailing list