Hi Matt, On Tue, 15 Jan 2019 at 20:02, Matt Caswell <matt@xxxxxxxxxxx> wrote: > This is perhaps best explained by this comment in the client side code for > processing a new ticket from the server: > > /* > * There are two ways to detect a resumed ticket session. One is to set > * an appropriate session ID and then the server must return a match in > * ServerHello. This allows the normal client session ID matching to work > * and we know much earlier that the ticket has been accepted. The > * other way is to set zero length session ID when the ticket is > * presented and rely on the handshake to determine session resumption. > * We choose the former approach because this fits in with assumptions > * elsewhere in OpenSSL. The session ID is set to the SHA256 (or SHA1 is > * SHA256 is disabled) hash of the ticket. > */ Beautiful! Thank you so much for the clarification. with regards, Saravanan -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
