A resumed session holds not just the ticket, but also the server
certificate, so that one can examine the certificate and its saved
verification status, ... And of course you need not just the ticket,
but also the master key (in the session object).

> On Mar 31, 2019, at 3:56 PM, Jeremy Harris <jgh@xxxxxxxxxxx> wrote:
>
> Having to store an entire ASN.1-coded session in a DB, at
> some 1250 bytes versus 160 for the ticket is suboptimal.
>
> This is for client-side TLS1.2 resumption, when the clients
> are separate processes and time-separated.

OpenSSL promises more state at the end of session resumption, and
so the necessary state is carried along. For an MTA the size of
saved sessions is not a substantial barrier.

--
Viktor.