As per the subject line: SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF) does not seem to disable generation of stateless tickets with TLS 1.3: SSL_CTX_set_num_tickets(ctx, 0); is also required to prevent the tickets being generated.

There's no mention of this additional call on the SSL_CTX_set_session_cache_mode pages (but it is documented elsewhere).

It really seems like SSL_SESS_CACHE_OFF should also disable TLS 1.3 session tickets if the intent is for TLS 1.3 to mostly be a drop-in replacement for TLS <= 1.2. A user upgrades the OpenSSL library and suddenly session resumption is enabled where it wasn't before... that doesn't seem right.

In our case this broke our session_resumption control toggle, where 'session_resumption = no' prevented our EAP server implementation from presenting tickets with TLS <= 1.2 but still allowed them if TLS 1.3 was negotiated.

Disabling session resumption is more important with EAP methods like EAP-TTLS and EAP-PEAP because it controls whether phase 2 runs or not - phase 2 being where the actual credential validation happens.

This was tested with current OpenSSL master HEAD. Can test with the 1.1.* branch if that'd help.

-Arran