On 10/04/2019 11:15, Hubert Kario wrote:
> On Wednesday, 10 April 2019 12:05:21 CEST Jeremy Harris wrote:
>> On 10/04/2019 01:25, Viktor Dukhovni wrote:
>>> With TLS 1.0, 1.1 and 1.2, the (always new IIRC) session object
>>> associated with the connection object at the completion of each
>>> handshake, will contain any fresh tickets issued by the server.
>>
>> That does not match my observation.
>
> that assumes that the server sends tickets in the first place... but the point
> stands, the TLS 1.2 server cannot provide a session ticket to the client after
> the handshake finished (client received server's Finished message), same for
> even older protocols

I'm not saying the new ticket arrived after the handshake. I can see
the notification of it arriving during the handshake. Yet the
session dumped via i2d... after the handshake is bitwise identical
to that given to d2i..., SSL_set_session before the handshake.

--
Cheers,
  Jeremy