Re: Session Ticket Support in Openssl TLS 1.2

Thanks Matt

On Thu, Jun 8, 2017 at 3:45 PM, Matt Caswell <matt@xxxxxxxxxxx> wrote:


On 08/06/17 23:12, Neetish Pathak wrote:
> Thanks.
> I had one query regarding the TLS 1.3 implementation on server side. I
> have a simple client server program with session resumption working with
> TLS 1.2.
> When I use TLS 1.3, I see that server hello message has a malformed
> packet.

How do you know it is malformed? The format of the ServerHello message
has changed in TLSv1.3, so if you expect it to look like a TLSv1.2
ServerHello then you will be surprised.


I know the ServerHello is malformed from the Wireshark logs. It shows an exception for the ServerHello with a malformed packet message.
 

> Though the SSL handshake is successful. I am not observing
> session resumption.
> I want to know what causes server hello to have a malformed packet.
> Also, is any extra configuration required for TLS 1.3 ?
> I am assuming TLS 1.3 can also use session Ids/ tickets for session
> resumption.

You probably want to read this blog post:

https://www.openssl.org/blog/blog/2017/05/04/tlsv1.3/

This blog post is highly useful. Thanks for directing me here. I am following the guidelines.
 
Session ids are not used in TLSv1.3 and session tickets work very
differently. Session resumption should work just fine but there are some
things to be aware of (discussed in the blog post).

Matt


>
> Thanks
> Best Regards,
> Neetish
>
> On Thu, Jun 8, 2017 at 1:47 AM, Matt Caswell <matt@xxxxxxxxxxx
> <mailto:matt@xxxxxxxxxxx>> wrote:
>
>
>
>     On 08/06/17 01:26, Neetish Pathak wrote:
>     > Hello All,
>     >
>     > I am new to the Openssl community.
>     > I am using the latest version of Openssl (with TLS 1.3 enabled) for
>     > performance benchmarking. I wanted to know if the session ticket support
>     > for session resumption is enabled by default for OpenSSL TLS v 1.2 or it
>     > needs to be explicitly enabled?
>
>     It is on by default.
>
>     Matt
>
>     --
>     openssl-users mailing list
>     To unsubscribe:
>     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>
>
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
