Contract of d2i_SSL_SESSION ?
Jesper Pedersen
jesper.pedersen at redhat.com
Thu Dec 16 11:57:50 UTC 2021
Hi Matt,
On 12/16/21 06:48, Matt Caswell wrote:
> On 16/12/2021 11:42, Jesper Pedersen wrote:
>> So, a resume on the client side linking up against the existing server
>> side.
>
> What you are describing is not a resumption. A TLS resumption has a
> specific meaning. It involves both a client and a server creating a new
> connection based on an abbreviated handshake using parameters from a
> previous handshake.
>
So, having the i2d_SSL_SESSION of a previous client being used by a new
client through SSL_set_session against the same server side connection
isn't being considered a resume?

The client data for "Process 1" and "Process 2" should be the same -
apart from the value of the socket descriptor (in certain cases) - plus
the server side should never change.

The parameters necessary for the handshake shouldn't change in my view -
unless the actual value of the client socket descriptor is part of that
information.

Thanks for your feedback!

Best regards,
Jesper