SSL_SESSION_set1_ticket ?

Jeremy Harris jgh at
Sun Mar 31 19:56:39 UTC 2019

Why is there not an SSL_SESSION_set1_ticket() ?

Having to store an entire ASN.1-coded session in a DB, at
some 1250 byte versus 160 for the ticket is suboptimal.

This is for client-side TLS1.2 resumption, when the clients
are separate processes and time-separated.

You can get ticket blobs via

You can get/set the entire session via i2d_SSL_SESSION(sess, ),
d2i_SSL_session(&sess, string, ), SSL_set_session(ssl, sess).

If it were possible to use an SSL_SESSION_set1_ticket,
what else would need to be set in the session?

More information about the openssl-users mailing list