[openssl-users] SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); has no effect with TLS 1.3

Arran Cudbard-Bell a.cudbardb at freeradius.org
Wed Jan 23 13:01:35 UTC 2019

	SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF) 

does not seem to disable generation of stateless tickets with TLS 1.3:

	SSL_CTX_set_num_tickets(ctx, 0); 

is also required to prevent the tickets being generated.

There's no mention of this additional call on the SSL_CTX_set_session_cache_mode pages (but is documented elsewhere).

It really seems like SSL_SESS_CACHE_OFF should also disable TLS 1.3 session tickets if the intent is for TLS 1.3 to mostly be a drop-in replacement for TLS <= 1.2.  A user upgrades the OpenSSL library and suddenly session resumption is enabled where it wasn't before... that doesn't seem right.

In our case this broke our session_resumption control toggle, where 'session_resumption = no' prevented our EAP server implementation from presenting tickets with TLS <= 1.2 but still allowed them if TLS 1.3 was negotiated.

Disabling session resumption is more important with EAP methods like EAP-TTLS and EAP-PEAP because it controls whether phase 2 runs or not - phase 2 being where the actual credential validation happens.

This was tested with current OpenSSL master HEAD.  Can test with the 1.1.* branch if that'd help.