SSL_SESSION_set1_ticket ?

Jeremy Harris jgh at
Wed Apr 10 10:21:08 UTC 2019

On 10/04/2019 11:15, Hubert Kario wrote:
> On Wednesday, 10 April 2019 12:05:21 CEST Jeremy Harris wrote:
>> On 10/04/2019 01:25, Viktor Dukhovni wrote:
>>> With TLS 1.0, 1.1 and 1.2, the the (always new IIRC) session object
>>> associated with the connection object at the completion of each
>>> handshake, will contain any fresh tickets issued by the server.
>> That does not match my observation.
> that assumes that the server sends tickets in the first place... but the point 
> stands, the TLS 1.2 server cannot provide a session ticket to the client after 
> the handshake finished (client received server's Finished message), same for 
> even older protocols

I'm not saying the new ticket arrived after the handshake.  I can
see the notification of it arriving during the handshake.  Yet
the session dumped via i2d... after the handshake is bitwise identical
to that given to d2i... , SSL_set_session before the handshake.

More information about the openssl-users mailing list