[openssl-users] Confused about client side session caching
Matt Caswell
matt at openssl.org
Fri Jun 8 08:03:25 UTC 2018
On 07/06/18 19:48, Angus Robertson - Magenta Systems Ltd wrote:
> I'm reading the TLSv1.3 notes that suggest SSL_CTX_sess_set_get_cb is
> called for both clients and servers, but am confused by the
> documentation.
>
The get_session_cb is only ever called for servers. The new_sesion_cb
and remove_session_cb can be called for clients and servers.
When you refer to the the "TLSv1.3 notes" do you mean this page?
https://wiki.openssl.org/index.php/TLS1.3
I couldn't see anywhere on there that suggests that get_session_cb is
called on clients.
> The 1.1.1 manual page still starts 'provide callback functions for
> server side external session caching' with no mention of clients.
Ah, good point. That needs fixing. As I said above the new_session_cb
and remove_session_cb can be called for clients.
>
> I'm updating code that supports 1.0.2 to 1.1.1 for external session
> caching, for clients and servers, so particularly interested when
> client session callbacks arrived.
>
> The TLSv1.3 notes suggest the callback worked for clients in 1.1.0, a
> quick test suggests it actually gets called in 1.0.2 as well. Is this
> correct?
I think new_session_cb and remove_session_cb should work in 1.0.2 on
clients.
> Has OpenSSL internal session caching improved over the years so that
> external caching is no longer necessary?
Not much has changed here. It was never "necessary" on the server side -
but of course it depends on what you are trying to do and whether it is
appropriate for your needs. Client side caching is a bit more "limited"
in its usefulness :-)
Matt
More information about the openssl-users
mailing list