SSL_SESSION_set1_ticket ?
Jeremy Harris
jgh at wizmail.org
Sun Mar 31 19:56:39 UTC 2019
Why is there not an SSL_SESSION_set1_ticket() ?
Having to store an entire ASN.1-coded session in a DB, at
some 1250 byte versus 160 for the ticket is suboptimal.
This is for client-side TLS1.2 resumption, when the clients
are separate processes and time-separated.
You can get ticket blobs via
SSL_SESSION_get0_ticket(SSL_get_session(ssl)).
You can get/set the entire session via i2d_SSL_SESSION(sess, ),
d2i_SSL_session(&sess, string, ), SSL_set_session(ssl, sess).
If it were possible to use an SSL_SESSION_set1_ticket,
what else would need to be set in the session?
--
Thanks,
Jeremy
More information about the openssl-users
mailing list