Query related to session resumption in TLS1.3

Viktor Dukhovni openssl-users at dukhovni.org
Thu May 16 16:40:38 UTC 2019

On Thu, May 16, 2019 at 04:22:13PM +0000, shalu dhamija via openssl-users wrote:

> But the same flow does not work for TLS1.3. In TLSv1.3, sessions are
> established after the main handshake has completed. So, I have implemented
> the callback SSL_CTX_sess_set_new_cb. And in the callback, I am storing
> the session into the cache. In subsequent connections, the session is
> present in the map, SSL_set_session API returns true. But SSL_session_reused
> is always returning false.

This is not expected, perhaps your code is not quite right.

> I have the following queries:
> 1. Is the above mentioned approach applicable for TLS 1.3?

Yes.  It works, for example, in Postfix:


> 2. There is a mention that PreShared keys are used for session
> resumption in TLS1.3.

This is misleading.  In TLS 1.3, the PSKs and session tickets have
been internally unified into a single protocol mechanism.  This
internal detail is not something that users need to worry about.

> Can someone please clarify, how should I make my
> client send psk using openssl for subsequent connection?

This is not the right question.  SSL_set_session() is all you need
for session resumption.


More information about the openssl-users mailing list