[openssl-users] how is it possible to confirm that a TLS ticket was used?
vieuxtech at gmail.com
Mon Feb 4 23:54:48 UTC 2019
And is it possible that this is different for TLS1.2 and 1.3?
Using TLS1.3, SSL_session_reused() is always returning false, I'm not
sure if that's because I'm doing something else wrong, and the ticket
is not being accepted and a full handshake is occurring, or if the API
literally only signals "session reuse" not "tls ticket" reuse. Its
also not clear from the docs if this API is supposed to work for both
client & server sides.
With TLS1.2, I notice that the cb to SSL_CTX_sess_set_new_cb() occurs
when a session is NOT reused (and I guess a new ticket is issued), but
in situation that I would expect the session to be resumed, I don't
get the callback. I assume this is because it doesn't make sense to
issue more tickets for a resumed connection? This gives me some
confidence that ticket use is occurring.
For 1.3, I'm always getting the callback (twice per connection, of
course), which makes me think that somehow my ticket reuse code is
working only for 1.2.
For both, I'm getting the session in the new session callback, and
then setting it with SSL_set_session(), so I'd expect resumption to
work for either protocol.
More information about the openssl-users