[openssl-users] Session Ticket Support in Openssl TLS 1.2

Matt Caswell matt at openssl.org
Thu Jun 8 22:45:44 UTC 2017



On 08/06/17 23:12, Neetish Pathak wrote:
> Thanks. 
> I had one query regarding the TLS 1.3 implementation on server side. I
> have a simple client server program with session resumption working with
> TLS 1.2. 
> When I use TLS 1.3, I see that server hello message has a malformed
> packet.

How do you know it is malformed? The format of the ServerHello message
has changed in TLSv1.3, so if you expect it to look like a TLSv1.2
ServerHello then you will be surprised.

> Though the SSL handshake is successful. I am not observing
> session resumption.
> I want to know what causes server hello to have a malformed packet.
> Also, is any extra configuration required for TLS 1.3 ?
> I am assuming TLS 1.3 can also use session Ids/ tickets for session
> resumption.

You probably want to read this blog post:

https://www.openssl.org/blog/blog/2017/05/04/tlsv1.3/

Session ids are not used in TLSv1.3 and session tickets work very
differently. Session resumption should work just fine but there are some
things to be aware of (discussed in the blog post).

Matt


> 
> Thanks
> Best Regards,
> Neetish
> 
> On Thu, Jun 8, 2017 at 1:47 AM, Matt Caswell <matt at openssl.org
> <mailto:matt at openssl.org>> wrote:
> 
> 
> 
>     On 08/06/17 01:26, Neetish Pathak wrote:
>     > Hello All,
>     >
>     > I am new to the Openssl community.
>     > I am using the latest version of Openssl (with TLS 1.3 enabled) for
>     > performance benchmarking. I wanted to know if the session ticket support
>     > for session resumption enabled;ed by default for OpenSSL TLS v 1.2 or it
>     > needs to be explicitly enabled?
> 
>     It is on by default.
> 
>     Matt
> 
>     --
>     openssl-users mailing list
>     To unsubscribe:
>     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
> 
> 
> 
> 


More information about the openssl-users mailing list