SSL_SESSION_set1_ticket ?

Jeremy Harris jgh at
Tue Apr 9 22:52:59 UTC 2019

On 04/04/2019 16:16, Viktor Dukhovni wrote:
>> Well, the *default* STEK is in the SSL_CTX, but that is not a
>> requirement, and you should use the default STEK, since it is
>> not automatically rolled over.
> [ Correction: ... should *not* use the default STEK, ... ]

So I have the server side mostly running, with rollover and
overlap... but in the client, when a session is succesfully
resumed but past the overlap period, and the server issues
a new ticket - the client SSL_SESSION is apparently unchanged
(at least, the ASN.1 dump of it is identical to that loaded
for resumption prior to handshake).

How is an overlapped key update supposed to be handled by
a client?

More information about the openssl-users mailing list