On 07/06/18 19:48, Angus Robertson - Magenta Systems Ltd wrote:
> I'm reading the TLSv1.3 notes that suggest SSL_CTX_sess_set_get_cb is
> called for both clients and servers, but am confused by the
> documentation.
>

The get_session_cb is only ever called for servers. The new_session_cb and
remove_session_cb can be called for clients and servers.

When you refer to the "TLSv1.3 notes" do you mean this page?

https://wiki.openssl.org/index.php/TLS1.3

I couldn't see anywhere on there that suggests that get_session_cb is
called on clients.

> The 1.1.1 manual page still starts 'provide callback functions for
> server side external session caching' with no mention of clients.

Ah, good point. That needs fixing. As I said above the new_session_cb and
remove_session_cb can be called for clients.

>
> I'm updating code that supports 1.0.2 to 1.1.1 for external session
> caching, for clients and servers, so particularly interested when
> client session callbacks arrived.
>
> The TLSv1.3 notes suggest the callback worked for clients in 1.1.0, a
> quick test suggests it actually gets called in 1.0.2 as well. Is this
> correct?

I think new_session_cb and remove_session_cb should work in 1.0.2 on clients.

> Has OpenSSL internal session caching improved over the years so that
> external caching is no longer necessary?

Not much has changed here. It was never "necessary" on the server side -
but of course it depends on what you are trying to do and whether it is
appropriate for your needs. Client side caching is a bit more "limited"
in its usefulness :-)

Matt