In particular, I'm getting a close_notify alert, followed by two NewSessionTickets from the server. The does SSL_read()/SSL_get_error(), it is returning SSL_ERROR_ZERO_RETURN, so I stop calling SSL_read(). However, that means that the NewSessionTickets aren't seen, so I don't get the callbacks from SSL_CTX_sess_set_new_cb(). Should we be calling SSL_read() until some other return value occurs? Note that no data is written by the server, and SSL_shutdown() is called from inside the server's SSL_CB_HANDSHAKE_DONE info callback. The node test suite is rife with this pracitce, where a connection is established to prove its possible, but then just ended without data transfer. For TLS1.2 we get the session callbacks, but TLS1.3 we do not. This is the trace, edited to reduce SSL_trace verbosity: server TLSWrap::SSLInfoCallback(where SSL_CB_HANDSHAKE_DONE, alert U) established? 0 state 0x21 TWST: SSLv3/TLS write session ticket TLSv1.3 server TLSWrap::DoShutdown() established? 1 ssl? 1 Sent Record Inner Content Type = Alert (21) Level=warning(1), description=close notify(0) Sent Record NewSessionTicket, Length=245 Sent Record NewSessionTicket, Length=245 client TLSWrap::OnStreamRead(nread 566) established? 1 ssl? 1 parsing? 0 eof? 0 Received Record Level=warning(1), description=close notify(0) SSL_read() => 0 SSL_get_shutdown() => SSL_RECEIVED_SHUTDOWN SSL_get_error() => SSL_ERROR_ZERO_RETURN At this point, we consider the connection closed... not sure what else to do. Thanks, Sam -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users