[openssl-users] Possible bug in 1.1.1-pre8 with NSTs and PSK in initial ClientHello handshake

Viktor Dukhovni openssl-users at dukhovni.org
Mon Aug 13 17:23:27 UTC 2018

> On Aug 13, 2018, at 1:00 PM, Henderson, Karl via openssl-users <openssl-users at openssl.org> wrote:
> According to RFC8446, Section C.4 “Servers SHOULD issue new tickets with every connection”.
> Yet, in file ssl/statem/extensions_srvr.c, method tls_parse_ctos_psk, s->ext.ticket_expected = 0, preventing the NST from being sent.
> This appears to be a bug – or am I missing something?

Have you observed behaviour different from the below documentation?

       SSL_set_num_tickets, SSL_get_num_tickets, SSL_CTX_set_num_tickets,
       SSL_CTX_get_num_tickets - control the number of TLSv1.3 session tickets
       that are issued

        #include <openssl/ssl.h>

        int SSL_set_num_tickets(SSL *s, size_t num_tickets);
        size_t SSL_get_num_tickets(SSL *s);
        int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
        size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx);

       SSL_CTX_set_num_tickets() and SSL_set_num_tickets() can be called for a
       server application and set the number of session tickets that will be
       sent to the client after a full handshake. Set the desired value (which
       could be 0) in the num_tickets argument. Typically these functions
       should be called before the start of the handshake.

       The default number of tickets is 2; the default number of tickets sent
       following a resumption handshake is 1 but this cannot be changed using
       these functions.  The number of tickets following a resumption
       handshake can be reduced to 0 using custom session ticket callbacks
       (see SSL_CTX_set_session_ticket_cb(3)).


More information about the openssl-users mailing list