[openssl-project] OpenSSL 1.1.1 library(OpenSSL 1.1.0 compile) Postfix to Postfix test

Benjamin Kaduk kaduk at mit.edu
Tue Apr 24 13:29:50 UTC 2018


On Mon, Apr 23, 2018 at 09:34:18PM -0400, Viktor Dukhovni wrote:
> 
> 
> > On Apr 22, 2018, at 9:49 PM, Viktor Dukhovni <openssl-users at dukhovni.org> wrote:
> > 
> > ----- Client-side diagnostics -----
> 
> On the server side I see that even when the ticket callback returns "0" to accept and not re-issue the ticket, a new ticket is requested anyway.  I'd like to be able to control this, and not issue new tickets when the present ticket is acceptable.  If this requires new API entry points, I can condition them on a suitable min library version.  But ideally the callback return value will be honoured; I don't yet see why we would not do that.

To be clear, the current draft explicitly says "Servers SHOULD issue
new tickets with every connection."  This is not a MUST, but is
perhaps strong enough guidance to merit overriding the existing
ticket callback semantics.

-Ben

