[openssl-users] How to disable SSL session resumption completelly?

Andrey Kulikov amdeich at gmail.com
Mon Sep 12 14:35:06 UTC 2016


I'm using OpenSSL 1.0.2g
In my client I would like to disable SSL session resumption completely (for
test purposes).

I do prior to connection, after creating SSL_CTX:

SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET);

But what I saw in traffic capture - is that my client always do session
reuse with sending non-empty session ID. And server does accept it.

How can I disable SSL session resumption completely?

More expanded code snippet:

SSL_CTX *ctx = NULL;
ctx = SSL_CTX_new(SSLv23_client_method()))
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET);
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
SSL_CTX_set_verify_depth(ctx, 0);

Am I doing anything wrong? Any required steps are missing?

With best regards,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160912/804d49a4/attachment.html>

More information about the openssl-users mailing list