[openssl-users] how is it possible to confirm that a TLS ticket was used?

[Matt Caswell]

On 04/02/2019 23:54, Sam Roberts wrote:
> And is it possible that this is different for TLS1.2 and 1.3?
> 
> Using TLS1.3, SSL_session_reused() is always returning false, I'm not
> sure if that's because I'm doing something else wrong, and the ticket
> is not being accepted and a full handshake is occurring, or if the API
> literally only signals "session reuse" not "tls ticket" reuse. Its
> also not clear from the docs if this API is supposed to work for both
> client & server sides.

SSL_session_reused() works in both TLSv1.2 and TLSv1.3 on both the client and
the server, regardless of whether the reuse comes from a traditional session or
from a ticket. If you're always getting false in TLSv1.3 then you are failing to
resume in TLSv1.3.


> With TLS1.2, I notice that the cb to SSL_CTX_sess_set_new_cb() occurs
> when a session is NOT reused (and I guess a new ticket is issued), but
> in situation that I would expect the session to be resumed, I don't
> get the callback. I assume this is because it doesn't make sense to
> issue more tickets for a resumed connection? This gives me some
> confidence that ticket use is occurring.
> 
> For 1.3, I'm always getting the callback (twice per connection, of
> course), which makes me think that somehow my ticket reuse code is
> working only for 1.2.

In TLSv1.3, by default, we issue two tickets if session reuse did not occur, and
one if reuse did occur.


> For both, I'm getting the session in the new session callback, and
> then setting it with SSL_set_session(), so I'd expect resumption to
> work for either protocol.

Yes - it should. It would be helpful to check whether the ticket is actually
appearing in the ClientHello or not.

Matt