OpenSSL session reuse does not work with TLS_client_method()

Wed Sep 15 16:10:07 UTC 2021

On Wed, Sep 15, 2021 at 05:26:51PM +0530, Jaya Muthiah wrote:

> I am trying to reuse SSL_SESSION as below, it works fine when I use
> TLSv1_2_client_method() to create context. However, it does not work
> when I use TLS_client_method().
> [...]
>     if (SSL_connect(ssl) != 1) { return -1; }
>     int reused = SSL_session_reused(ssl);
>     ssl_session = SSL_get1_session(ssl); // for future connections

That's because with TLS_client_method() you end up negotiating TLS 1.3,
and with TLS 1.3 session tickets are sent by servers *after* the
completion of the handshake.

A TLS 1.3 session saved manually, immediately at the completion of the
handshake will have no session tickets, and will not be able to perform
resumption.  The robust way to save the session state for resumption is
to implement the session callbacks.

For example, in Postfix, you'll find:

    SSL_CTX_set_session_cache_mode(client_ctx,
                                   SSL_SESS_CACHE_CLIENT |
                                   SSL_SESS_CACHE_NO_INTERNAL_STORE |
                                   SSL_SESS_CACHE_NO_AUTO_CLEAR);
    SSL_CTX_sess_set_new_cb(client_ctx, new_client_session_cb);

    static int new_client_session_cb(SSL *ssl, SSL_SESSION *session)
    {
        ...
        /*
         * The cache name (if caching is enabled in tlsmgr(8)) and the cache ID
         * string for this session are stored in the TLScontext. It cannot be
         * null at this point.
         */
        if ((TLScontext = SSL_get_ex_data(ssl, TLScontext_index)) == 0)
            msg_panic("%s: null TLScontext in new session callback", myname);
        ...
    }

-- 
    Viktor.

[ We all miss the little details sometimes, but I'd have expected Matt
  to not miss this one... ]