[openssl-users] how is it possible to confirm that a TLS ticket was used?

Sam Roberts vieuxtech at gmail.com
Tue Feb 5 22:43:03 UTC 2019

I tracked down my problem, its due to a change in the relative order
of handshake completion (as detected by the info callback, anyhow),
and the callback to SSL_CTX_set_tlsext_ticket_key_cb().

With TLS1.2, I can rotate ticket keys on the server when the handshake
completes, and they will only apply to the next connection.

With TLS1.3, the tickets haven't been sent yet, at the time the
handshake completes, so when I "rotate" the keys, the new keys are
used immediately afterwards in the ticket_key_cb to encrypt the
tickets for the connection that just handshaked.

Its semi-obvious in retrospect, after having read our ticket key
handling code, but it took me a while to find it.

And it turns out that yes, SSL_session_resumed() does work with TLS tickets.

Thanks for the suggestions, Viktor.


More information about the openssl-users mailing list