Serializing SSL state

Matt Caswell matt at openssl.org
Tue Jun 21 10:13:20 UTC 2022



On 20/06/2022 22:29, Rouzier, James wrote:
> Hi Matt,
> 
> What would it take to expose this?

At the moment you can serialize an SSL_SESSION object - but this only 
helps during session resumption. So, using this capability, you could 
perform a resumption handshake on a different server to where the 
initial handshake occurred.

What you are talking about is moving an in-progress TLS connection from 
one server to another. This would require the whole SSL object to be 
serialized (or at least potentially we could get away with only certain 
fields - that would need to be investigated).

> Also would you accept a patch if we implement what’s missing?

In principle we would look at such a patch. However in practice my 
expectation is that this would be quite an invasive and extensive patch. 
It would be quite difficult to do and there are lots of moving parts in 
this area at the moment (for example consider PRs 18612 and 18132 which 
are doing some significant refactoring in libssl that will affect the 
layout and contents of the SSL object). I would not recommend 
implementing such a feature at the current time - I expect there to be 
further significant rework and updates going into libssl over the coming 
months.

Any such feature would only be accepted into the master branch (i.e. we 
wouldn't backport it to 3.0 or 1.1.1). Depending on the scale and how 
invasive it is, we might want to defer introducing something like that 
until the next major release.

Matt


> 
> Thank You
> James
> 
> On 6/20/22, 10:13 AM, "Matt Caswell" <matt at openssl.org> wrote:
> 
> 
> 
>      On 20/06/2022 15:11, Rouzier, James via openssl-users wrote:
>      > Hey Guys,
>      >
>      > Is it possible to serialize/deserialize an ongoing TLS session in any way?
>      >
>      > We are trying to create a stateless RADIUS server, where we place
>      > multiple RADIUS servers behind a UDP load balancer.
>      > Each part of the EAP-TLS process could hit a different server.
>      > The plan is to save the current state of the TLS handshake so that any
>      > server can pick up where the previous server left off.
>      > Is this possible with the current API of openssl?
> 
>      No. This is currently not possible.
> 
>      Matt
> 
> 
