Query related to session resumption in TLS1.3

Viktor Dukhovni openssl-users at dukhovni.org
Sun Jun 9 19:33:13 UTC 2019

On Sun, Jun 09, 2019 at 10:39:36AM +0000, shalu dhamija wrote:

>   "The default number of tickets is 2; the default number of tickets sent
>   following a resumption handshake is 1".  But in my case, following the
>   resumption handshake, I am always getting two session tickets from the
>   server.  Is this behavior fine as it is server dependent.

The behaviour is server-impementation dependent.  If the server is
not using OpenSSL, it might always return multiple tickets.  This
is IMHO unwise, because each resumption increases the number of
available tickets without bound.

In conversation with Matt Caswell he and I came up with the current
OpenSSL design in which a client that uses a pool of N concurrent
sessions *without* ticket re-use (each session repeatedly obtaining
a "continuation" ticket) obtains the requisite tickets after N-1
full handshakes, at which point no excess tickets are delivered so
long as the client's concurrency needs are met.

Servers also have the (non-default) *option* of resuming sessions
with a valid ticket *without* returning a new ticket.  Postfix makes
use of this option to vend exactly one ticket per full handshake,
and not return any new tickets on resumption.  Client MTAs that
support resumption are expected to re-use tickets.


More information about the openssl-users mailing list