[openssl-users] session resumption tls1.2/tls1.3

Matt Caswell matt at openssl.org
Mon Jul 17 08:54:39 UTC 2017

On 14/07/17 20:18, Neetish Pathak wrote:
> On Fri, Jul 14, 2017 at 2:54 AM, Matt Caswell <matt at openssl.org
> <mailto:matt at openssl.org>> wrote:
>     On 13/07/17 23:52, Neetish Pathak wrote:
>     > Hi All,
>     > Help with these queries please,
>     >
>     > 1) Is it possible to use external session files (with session info as
>     > identifiers or tickets for out of band resumption) for session
>     > resumption in TLS 1.2. Does it need some kind of callback like the way
>     > it is used in TLS 1.3  with (SSL_set_psk_find_session_callback) /
>     > SSL_set_psk_use_session_callback
>     I'm not entirely clear what you're asking here. The callbacks you
>     mention are for setting up an external PSK in TLSv1.3. In TLSv1.3 we use
>     an SSL_SESSION object to encapsulate the PSK details. This is different
>     to session resumption, where the server sends the session details in a
>     NewSessionTicket message in one connection, so that we can "resume" it
>     in a later connection.
>     So if your question is really "can you external session files for PSK in
>     TLSv1.2" then the answer is no. PSK works completely differently in
>     TLSv1.2.
> Thanks Matt, Apologies for ambiguity in the question
> What I mean to ask is it possible to use out of band resumption in TLS 1.2?
> How I perform the resumption in my programs using TLS 1.2 is as follows :
> 1)  Connect client to the server  for the first time
> 2) when the server sends session id or tickets as the case may be,
> new_session_callback is invoked on the client side and I save the
> session in a pem file using PEM_write_bio_SSL_SESSION
> 3)Now when connecting client to the server next time, I read the session
> from the pem file and set using SSL_set_session. 
> 4)Session resumption is initiated from the client side and the server
> works as expected since it had been caching the session and was not killed.
> I observe that the second connection (and subsequent connections) takes
> place using resumption. As per my understanding, this is called in-band
> resumption
> Now my question is if, I kill the server. I re-initialze the server and
> want to use the session(pem) file to connect to the server (this is a
> fresh connection which should take place using resumption).
> In that case, I will need to set the session on both the ends right? Is
> this approach correct? In that case, how should one implement it. 
> This is out-of-band resumption for TLS 1.2 as per my understanding.
> Please correct me if I am wrong

The term out-of-band resumption is somewhat confusing. Anyway, the
server maintains a session cache. That cache can either be internal
(i.e. maintained by OpenSSL), or external (maintained by your own
application code). In the default case a server will just use the
internal session cache. You can populate that cache manually using
SSL_CTX_add_session(). So if you have a set of pre-existing SSL_SESSION
objects (perhaps loaded from a file) you can manually populate that
cache at application startup.


More information about the openssl-users mailing list