On 13/07/17 23:52, Neetish Pathak wrote: > Hi All, > Help with these queries please, > > 1) Is it possible to use external session files (with session info as > identifiers or tickets for out of band resumption) for session > resumption in TLS 1.2. Does it need some kind of callback like the way > it is used in TLS 1.3 with (SSL_set_psk_find_session_callback) / > SSL_set_psk_use_session_callback I'm not entirely clear what you're asking here. The callbacks you mention are for setting up an external PSK in TLSv1.3. In TLSv1.3 we use an SSL_SESSION object to encapsulate the PSK details. This is different to session resumption, where the server sends the session details in a NewSessionTicket message in one connection, so that we can "resume" it in a later connection. So if your question is really "can you external session files for PSK in TLSv1.2" then the answer is no. PSK works completely differently in TLSv1.2. > 2) In TLS 1.3, is early data not enabled for out of band PSK session > resumption. Is it only possible with in-band session resumption. > SSL_write_early_data always fails when I load a session from a session > file to perform external PSK resumption before sending the session data. > For in-band resumption it succeeds. Currently we only support early-data for ticket based resumption. You cannot do it with an external PSK. However this PR (which is currently going through review) will add that capability: https://github.com/openssl/openssl/pull/3926 Matt -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
