[openssl-users] Session Ticket Support in Openssl TLS 1.2
Neetish Pathak
npathak2 at ncsu.edu
Wed Jun 14 01:33:48 UTC 2017
I need some suggestions on how I can implement session resumption in TLS
1.3. I have implemented the resumption on the client side using a callback
as recommended on the TLS 1.3 blog https://www.openssl.org/blog/b
log/2017/05/04/tlsv1.3/ . Still, the session resumption is not working. I
know this because my new_session_cb which I have set using
SSL_CTX_sess_set_new_cb
is never getting invoked and also I don't see any improvement in connection
time.
The same implementation when I change the max TLS version to TLS1.2 works
and session resumption works as desired.
I am not sure how I can resolve this.
As mentioned on the blog post
"In TLSv1.3 sessions are not established until after the main handshake has
completed. The server sends a separate post-handshake message to the client
containing the session details. Typically this will happen soon after the
handshake has completed, but it could be sometime later (or not at all)."
I think the server is not informing the session details to client at all in
my case and hence the resumption is not working. Can someone please suggest
how to resolve this.
Thanks
Best Regards,
Neetish
On Tue, Jun 13, 2017 at 6:03 PM, Neetish Pathak <npathak2 at ncsu.edu> wrote:
> Thanks for your reply Salz. However, I want to know should the session
> caching be enabled on server side for TLS 1.3 for session resumption.
> Also, I need a clarification on how does resumption work in case of
> session identifiers if server side caching is not enabled
>
> Thanks
> BR,
> Neetish
>
> On Tue, Jun 13, 2017 at 5:38 PM, Salz, Rich via openssl-users <
> openssl-users at openssl.org> wrote:
>
>> It’s disabled by default. Servers that want to use server-side session
>> caching have to call an API to turn it on
>>
>> --
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170613/dbe8c3bd/attachment-0001.html>
More information about the openssl-users
mailing list