Session ID or Session ticket?

Matt Caswell matt at openssl.org
Mon May 27 08:25:07 UTC 2019



On 27/05/2019 08:17, John Jiang wrote:
> Hi,
> I'm using OpenSSL 1.1.1
> 
> I just use the below s_client command to test resumption.
> openssl s_client -CAfile CA.cer -tls1_2 -sess_in openssl.sess -connect
> localhost:9443
> 
> Is there any option to take this tool to use only session id or session ticket
> for resumption?


The behaviour obviously partly depends on what the server supports. An OpenSSL
client will always use session id based resumption if possible and there is no
ticket sent from the server. If a ticket is provided it will use that instead,
unless you supply the "-no_ticket" option to s_client - which disables all
ticket support on the client.

Matt



More information about the openssl-users mailing list