<html><head></head><body><div class="ydp3d98c795yahoo-style-wrap" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:13px;"><div></div>
<div> <div><div>Hi Viktor,</div><div>Thanks for your response. In my code, somehow, the ssl_read was not getting called ( due to some bug) due to which the session ticket was not being read resulting in no callback. I have fixed it and its working now.</div><div>Now the resumption using TLS1.3 is working fine but I want to clarify the following behavior:</div><div>As per openssl documentation:</div><div>'The default number of tickets is 2; the default number of tickets sent following a resumption handshake is 1'. (https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_num_tickets.html)</div><div>But in my case, following the resumption handshake, I am always getting two session tickets from the server. Is this behavior fine as it is server dependent.</div></div><div><br></div><div>Regards,</div><div>Shalini Dhamija</div><span style="background-color: rgb(248, 248, 248); color: rgb(34, 34, 34); font-family: PT Serif, Georgia, Times, Times New Roman, serif; font-size: 18.4px;">'</span><br></div><div> </div><div><br></div>
</div><div id="yahoo_quoted_0341119864" class="yahoo_quoted">
<div style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">
<div>
On Thursday, 16 May, 2019, 10:10:57 pm IST, Viktor Dukhovni <openssl-users@dukhovni.org> wrote:
</div>
<div><br></div>
<div><br></div>
<div>On Thu, May 16, 2019 at 04:22:13PM +0000, shalu dhamija via openssl-users wrote:<br clear="none"><br clear="none">> But the same flow does not work for TLS1.3. In TLSv1.3, sessions are<br clear="none">> established after the main handshake has completed. So, I have implemented<br clear="none">> the callback SSL_CTX_sess_set_new_cb. And in the callback, I am storing<br clear="none">> the session into the cache. In subsequent connections, the session is<br clear="none">> present in the map, SSL_set_session API returns true. But SSL_session_reused<br clear="none">> is always returning false.<br clear="none"><br clear="none">This is not expected, perhaps your code is not quite right.<br clear="none"><br clear="none">> I have the following queries:<br clear="none">> 1. Is the above mentioned approach applicable for TLS 1.3?<br clear="none"><br clear="none">Yes. It works, for example, in Postfix:<br clear="none"><br clear="none"> <a shape="rect" href="https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_client.c#L543-L547" target="_blank">https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_client.c#L543-L547</a><br clear="none"> <a shape="rect" href="https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_client.c#L1001-L1004" target="_blank">https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_client.c#L1001-L1004</a><br clear="none"> <a shape="rect" href="https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_client.c#L1146" target="_blank">https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_client.c#L1146</a><br clear="none"><br clear="none">> 2. There is a mention that PreShared keys are used for session<br clear="none">> resumption in TLS1.3.<br clear="none"><br clear="none">This is misleading. In TLS 1.3, the PSKs and session tickets have<br clear="none">been internally unified into a single protocol mechanism. This<br clear="none">internal detail is not something that users need to worry about.<br clear="none"><br clear="none">> Can someone please clarify, how should I make my<br clear="none">> client send psk using openssl for subsequent connection?<br clear="none"><br clear="none">This is not the right question. SSL_set_session() is all you need<div class="yqt9918165708" id="yqtfd72976"><br clear="none">for session resumption.</div><br clear="none"><br clear="none">-- <br clear="none"> Viktor.<div class="yqt9918165708" id="yqtfd89620"><br clear="none"></div></div>
</div>
</div></body></html>