<div dir="ltr">I need some suggestions on how I can implement session resumption in TLS 1.3. I have implemented the resumption on the client side using a callback as recommended on the TLS 1.3 blog <a href="https://www.openssl.org/blog/blog/2017/05/04/tlsv1.3/" rel="noreferrer" target="_blank" style="font-size:12.800000190734863px">https://www.openssl.org/blog/b<wbr>log/2017/05/04/tlsv1.3/</a> . Still, the session resumption is not working. I know this because my new_session_cb which I have set using <font face="Courier"><span style="font-size:14px">SSL_CTX_sess_set_new_cb is never getting invoked and also I don't see any improvement in connection time.</span></font><div><font face="Courier"><span style="font-size:14px"><br></span></font><div><font face="Courier"><span style="font-size:14px">The same implementation when I change the max TLS version to TLS1.2 works and session resumption works as desired. </span></font></div><div><font face="Courier"><span style="font-size:14px">I am not sure how I can resolve this.</span></font></div><div><font face="Courier"><span style="font-size:14px"><br></span></font></div><div><font face="Courier"><span style="font-size:14px">As mentioned on the blog post</span></font></div><div><font face="Courier"><span style="font-size:14px"><br></span></font></div><div><font face="Courier"><span style="font-size:14px">"</span></font><span style="font-family:'PT Serif',Georgia,Times,'Times New Roman',serif;font-size:18.399999618530273px;background-color:rgb(248,248,248)">In TLSv1.3 sessions are not established until after the main handshake has completed. The server sends a separate post-handshake message to the client containing the session details. Typically this will happen soon after the handshake has completed, but it could be sometime later (or not at all).</span><span style="font-size:14px;font-family:Courier">"</span></div><div><span style="font-size:14px;font-family:Courier"><br></span></div><div><span style="font-size:14px;font-family:Courier">I think the server is not informing the session details to client at all in my case and hence the resumption is not working. Can someone please suggest how to resolve this.</span></div><div><span style="font-size:14px;font-family:Courier"><br></span></div><div><span style="font-size:14px;font-family:Courier">Thanks</span></div><div><font face="Courier"><span style="font-size:14px">Best Regards,</span></font></div><div><font face="Courier"><span style="font-size:14px">Neetish</span></font></div><div><font face="Courier"><span style="font-size:14px"><br></span></font></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jun 13, 2017 at 6:03 PM, Neetish Pathak <span dir="ltr"><<a href="mailto:npathak2@ncsu.edu" target="_blank">npathak2@ncsu.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Thanks for your reply Salz. However, I want to know should the session caching be enabled on server side for TLS 1.3 for session resumption.<div>Also, I need a clarification on how does resumption work in case of session identifiers if server side caching is not enabled</div><div><br></div><div>Thanks</div><div>BR,</div><div>Neetish</div></div><div class="gmail_extra"><br><div class="gmail_quote"><span class="">On Tue, Jun 13, 2017 at 5:38 PM, Salz, Rich via openssl-users <span dir="ltr"><<a href="mailto:openssl-users@openssl.org" target="_blank">openssl-users@openssl.org</a>></span> wrote:<br></span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
<div lang="EN-US" link="blue" vlink="purple">
<div class="m_-515434910494348710m_-3366023502233567325WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">It’s disabled by default. Servers that want to use server-side session caching have to call an API to turn it on<u></u><u></u></span></p>
</div>
</div>
<br></span><span class="">--<br>
openssl-users mailing list<br>
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/mailma<wbr>n/listinfo/openssl-users</a><br>
<br></span></blockquote></div><br></div>
</blockquote></div><br></div>