On Wed, Jun 20, 2018 at 11:49 PM, Matt Caswell <matt@xxxxxxxxxxx> wrote:
>
> On 20/06/18 22:31, Yann Ylavic wrote:
>>
>> but I wonder if
>> announcing the start then end of the same handshake multiple times
>> could/should be avoided (i.e. handshake ends after last ticket only)?
>
> They really are individual transactions, so it makes much more sense to
> me to signal each one as a separate handshake. On the client side we
> have little choice because we don't know how many tickets the server
> will send. It seems odd to do it differently on the server.

Right but if s_server had handled SSL_CB_HANDSHAKE_START/DONE in its
info callback (like s_client), you'd see "SSL negotiation finished
successfully" after each ticket, even if the server knows (or could).

They are not really transactions since the client isn't supposed to
send anything in between, it's still part of the initial handshake
IMHO, and the flush seems not really needed either until the last
ticket. Looks like it's missing some state in the machine.

Regards,
Yann.