openssl-users at dukhovni.org
Mon Apr 1 04:13:11 UTC 2019
A resumed session holds not just the ticket, but also the server
certificate, so that one examine the certificate and its saved
verification status, ... And of course you need not just the
ticket, but also the master key (in the session object).
> On Mar 31, 2019, at 3:56 PM, Jeremy Harris <jgh at wizmail.org> wrote:
> Having to store an entire ASN.1-coded session in a DB, at
> some 1250 byte versus 160 for the ticket is suboptimal.
> This is for client-side TLS1.2 resumption, when the clients
> are separate processes and time-separated.
OpenSSL promises more state at the end of session resumption, and
so the necessary state is carried along. For an MTA the size of
saved sessions is not a substantial barrier.
More information about the openssl-users