[openssl-users] Possible bug in 1.1.1-pre8 with NSTs and PSK in initial ClientHello handshake

Henderson, Karl KHenderson at verisign.com
Mon Aug 13 17:00:38 UTC 2018

According to RFC8446, Section C.4 “Servers SHOULD issue new tickets with every connection”.

Yet, in file ssl/statem/extensions_srvr.c, method tls_parse_ctos_psk, s->ext.ticket_expected = 0, preventing the NST from being sent.

This appears to be a bug – or am I missing something?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180813/b235ea48/attachment.html>

More information about the openssl-users mailing list