[openssl-users] session resumption tls1.2/tls1.3
matt at openssl.org
Mon Jul 17 08:54:39 UTC 2017
On 14/07/17 20:18, Neetish Pathak wrote:
> On Fri, Jul 14, 2017 at 2:54 AM, Matt Caswell <matt at openssl.org
> <mailto:matt at openssl.org>> wrote:
> On 13/07/17 23:52, Neetish Pathak wrote:
> > Hi All,
> > Help with these queries please,
> > 1) Is it possible to use external session files (with session info as
> > identifiers or tickets for out of band resumption) for session
> > resumption in TLS 1.2. Does it need some kind of callback like the way
> > it is used in TLS 1.3 with (SSL_set_psk_find_session_callback) /
> > SSL_set_psk_use_session_callback
> I'm not entirely clear what you're asking here. The callbacks you
> mention are for setting up an external PSK in TLSv1.3. In TLSv1.3 we use
> an SSL_SESSION object to encapsulate the PSK details. This is different
> to session resumption, where the server sends the session details in a
> NewSessionTicket message in one connection, so that we can "resume" it
> in a later connection.
> So if your question is really "can you external session files for PSK in
> TLSv1.2" then the answer is no. PSK works completely differently in
> Thanks Matt, Apologies for ambiguity in the question
> What I mean to ask is it possible to use out of band resumption in TLS 1.2?
> How I perform the resumption in my programs using TLS 1.2 is as follows :
> 1) Connect client to the server for the first time
> 2) when the server sends session id or tickets as the case may be,
> new_session_callback is invoked on the client side and I save the
> session in a pem file using PEM_write_bio_SSL_SESSION
> 3)Now when connecting client to the server next time, I read the session
> from the pem file and set using SSL_set_session.
> 4)Session resumption is initiated from the client side and the server
> works as expected since it had been caching the session and was not killed.
> I observe that the second connection (and subsequent connections) takes
> place using resumption. As per my understanding, this is called in-band
> Now my question is if, I kill the server. I re-initialze the server and
> want to use the session(pem) file to connect to the server (this is a
> fresh connection which should take place using resumption).
> In that case, I will need to set the session on both the ends right? Is
> this approach correct? In that case, how should one implement it.
> This is out-of-band resumption for TLS 1.2 as per my understanding.
> Please correct me if I am wrong
The term out-of-band resumption is somewhat confusing. Anyway, the
server maintains a session cache. That cache can either be internal
(i.e. maintained by OpenSSL), or external (maintained by your own
application code). In the default case a server will just use the
internal session cache. You can populate that cache manually using
SSL_CTX_add_session(). So if you have a set of pre-existing SSL_SESSION
objects (perhaps loaded from a file) you can manually populate that
cache at application startup.
More information about the openssl-users