<div dir="ltr">Thanks Matt<div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jun 8, 2017 at 3:45 PM, Matt Caswell <span dir="ltr"><<a href="mailto:matt@openssl.org" target="_blank">matt@openssl.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><br>
<br>
On 08/06/17 23:12, Neetish Pathak wrote:<br>
> Thanks.<br>
> I had one query regarding the TLS 1.3 implementation on server side. I<br>
> have a simple client server program with session resumption working with<br>
> TLS 1.2.<br>
> When I use TLS 1.3, I see that server hello message has a malformed<br>
> packet.<br>
<br>
</span>How do you know it is malformed? The format of the ServerHello message<br>
has changed in TLSv1.3, so if you expect it to look like a TLSv1.2<br>
ServerHello then you will be surprised.<br></blockquote><div><br></div><div><br></div><div><b>I know the ServerHello is malformed from the WIRESHARK LOGS. It shows an exception for the ServerHello with malformed packet message.</b></div><div> <br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<span class=""><br>
> Though the SSL handshake is successful. I am not observing<br>
> session resumption.<br>
> I want to know what causes server hello to have a malformed packet.<br>
> Also, is any extra configuration required for TLS 1.3 ?<br>
> I am assuming TLS 1.3 can also use session Ids/ tickets for session<br>
> resumption.<br>
<br>
</span>You probably want to read this blog post:<br>
<br>
<a href="https://www.openssl.org/blog/blog/2017/05/04/tlsv1.3/" rel="noreferrer" target="_blank">https://www.openssl.org/blog/<wbr>blog/2017/05/04/tlsv1.3/</a><br>
<br>
</blockquote><div><b>This blogpost is highly useful. Thanks for directing me here. I am following the guidelines.</b></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Session ids are not used in TLSv1.3 and session tickets work very<br>
differently. Session resumption should work just fine but there are some<br>
things to be aware of (discussed in the blog post).<br>
<br>
Matt<br>
<span class=""><br>
<br>
><br>
> Thanks<br>
> Best Regards,<br>
> Neetish<br>
><br>
> On Thu, Jun 8, 2017 at 1:47 AM, Matt Caswell <<a href="mailto:matt@openssl.org">matt@openssl.org</a><br>
</span><span class="">> <mailto:<a href="mailto:matt@openssl.org">matt@openssl.org</a>>> wrote:<br>
><br>
><br>
><br>
> On 08/06/17 01:26, Neetish Pathak wrote:<br>
> > Hello All,<br>
> ><br>
> > I am new to the Openssl community.<br>
> > I am using the latest version of Openssl (with TLS 1.3 enabled) for<br>
> > performance benchmarking. I wanted to know if the session ticket support<br>
> > for session resumption enabled;ed by default for OpenSSL TLS v 1.2 or it<br>
> > needs to be explicitly enabled?<br>
><br>
> It is on by default.<br>
><br>
> Matt<br>
><br>
> --<br>
> openssl-users mailing list<br>
> To unsubscribe:<br>
> <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/<wbr>mailman/listinfo/openssl-users</a><br>
</span>> <<a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/<wbr>mailman/listinfo/openssl-users</a><wbr>><br>
<div class="HOEnZb"><div class="h5">><br>
><br>
><br>
><br>
--<br>
openssl-users mailing list<br>
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/<wbr>mailman/listinfo/openssl-users</a><br>
</div></div></blockquote></div><br></div></div>