[openssl-users] SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); has no effect with TLS 1.3
Matt Caswell
matt at openssl.org
Wed Jan 23 14:57:48 UTC 2019
On 23/01/2019 13:01, Arran Cudbard-Bell wrote:
> As per the subject line:
>
> SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF)
>
> does not seem to disable generation of stateless tickets with TLS 1.3:
No - nor does it disable *stateless* tickets with TLSv1.2. The purpose of the
above call is to disable session caching on the server. Since the whole point
about stateless tickets is to not require caching this has no effect on
stateless tickets. Therefore if SSL_OP_NO_TICKET has not been set then session
tickets will still be generated in TLSv1.2 even with the cache mode set to
SSL_SESS_CACHE_OFF.
However if you set the above and *also* set SSL_OP_NO_TICKET then you have
disabled both generation of stateless tickets and the creation of stateful
sessions in TLSv1.2, i.e. no sessions will be created at all in TLSv1.2
TLSv1.3 sessions are slightly different. There is no distinction at the protocol
level between stateful session ids and stateless tickets. Instead, when sessions
are created, they are always in the form of tickets. OpenSSL supports both
stateful and stateless tickets in TLSv1.3 (with the former consisting of a
session id wrapped up in a ticket). In order to maximise compatibility between
TLSv1.3 and TLSv1.2, SSL_OP_NO_TICKET in TLSv1.3 disables *stateless* tickets
only (not stateful ones).
So we might expect that if we disable the session cache (using
SSL_SESS_CACHE_OFF) *and* disable stateless ticket generation using
SSL_OP_NO_TICKET then no tickets at all would be generated in TLSv1.3. On
testing this that doesn't seem to be the case. This appears to be an OpenSSL bug
- and I assume that is the scenario you are hitting.
Interestingly I note that the tickets generated in such a case are useless. If
you attempt to resume using them then it doesn't work. So if your intention is
simply to prevent resumption at all costs, then you have achieved it already (in
spite of the bug that creates the tickets).
I created a new github issue to track this problem:
https://github.com/openssl/openssl/issues/8077
Matt
More information about the openssl-users
mailing list