Session Tickets in TLS1.3

anupama m anuavnd at gmail.com
Sat Apr 13 17:21:22 UTC 2024


Hi,

My client application is trying to connect to "www.pypi.org" using TLS1.3.
As can be seen in the screenshot below, the server is sending the "New
Session Ticket" before the client sends the CCS and Finished message.
According to the RFC, tickets are post handshake messages and should be
sent by the server after it has received the Client Finished message (hope
this still holds true).

[image: session ticket.JPG]

Because of this ordering, I can see that openssl-1.1.1 is not
processing the session ticket when the handshake is happening (I don't see a
callback). I will have to notify openssl again after it is done processing
the client finished or else the connection gets stuck.

Can you please shed some light on this behavior? Is this handled in later
versions of openssl?

Thanks,
Anupama M
-------------- next part --------------
A non-text attachment was scrubbed...
Name: session ticket.JPG
Type: image/jpeg
Size: 87065 bytes
Desc: not available
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20240413/c21c0133/attachment-0001.jpe>

