Will TLSv1.3 always send session ticket?
Jaya Muthiah
jeevhi at gmail.com
Thu Sep 16 06:19:51 UTC 2021
As I can read from the documents mentioned below, "or not at all"
worries me. Is there a situation when a session ticket is not sent at
all (other than when reused)?
https://www.openssl.org/docs/manmaster/man3/SSL_CTX_sess_set_new_cb.html
Note that in TLSv1.3, sessions are established after the main
handshake has completed. The server decides when to send the client
the session information and this may occur some time after the end of
the handshake (or not at all).
https://wiki.openssl.org/index.php/TLS1.3#Sessions
In TLSv1.3 sessions are not established until after the main handshake
has completed. The server sends a separate post-handshake message to
the client containing the session details. Typically this will happen
soon after the handshake has completed, but it could be sometime later
(or not at all).
More information about the openssl-users
mailing list