SSL_SESSION_set1_ticket ?

Viktor Dukhovni openssl-users at
Wed Apr 3 22:09:59 UTC 2019

> On Apr 3, 2019, at 4:16 PM, Jeremy Harris <jgh at> wrote:
>> Does the server have a temporally stable ticket decryption key?
>> Is this Exim?  Is the server's SSL_CTX persistent and shared
>> across multiple connections?
> Ah, right.  Unlike GnuTLS, the STEK is tied to the SSL_CTX and,
> as you say, Exim initialises that fresh per connection.
> Rearchitecting that is more effort than it's worth spending
> on TLS 1.2, I think.

Well, the *default* STEK is in the SSL_CTX, but that is not a
requirement, and you should use the default STEK, since it is
not automatically rolled over.

Postfix instantiates the ticket management callbacks, which
are registered per-ctx, but the associated key material is
then wherever the application (e.g. Postfix) decides to keep

So you, and should, manage STEKs separately from the SSL_CTX,
and as appropriate tie the same keys to any appropriate SSL_CTX
by instantiating the appropriate callbacks.

The one thing to be mindful of is that if you have different
TLS policies across different SSL_CTX objects, they should
probably not share keys, otherwise it *may* be possible for
sessions to be established against a weak policy and then
inappropriately resumed against a service with a stronger
policy.  The solution is to assign different session id
contexts to SSL_CTX's that should not allow cross-resumption.

The SSL_CTX_set_session_id_context(3) allows you to specify
such a session id context.  I just looked at the documentation
of SSL_CTX_set_session_id_context(3), and is rather poor.
You just need to know that the context is binary data up
a maximum length you must not exceed, and the signature
of the function.  The description is largely wrong. :-(


More information about the openssl-users mailing list