Re: Query related to session resumption in TLS1.3

On Thu, May 16, 2019 at 04:22:13PM +0000, shalu dhamija via openssl-users wrote:

> But the same flow does not work for TLS1.3. In TLSv1.3, sessions are
> established after the main handshake has completed. So, I have implemented
> the callback SSL_CTX_sess_set_new_cb. And in the callback, I am storing
> the session into the cache. In subsequent connections, the session is
> present in the map, SSL_set_session API returns true. But SSL_session_reused
> is always returning false.

This is not expected, perhaps your code is not quite right.

> I have the following queries:
> 1. Is the above mentioned approach applicable for TLS 1.3?

Yes.  It works, for example, in Postfix:

   https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_client.c#L543-L547
   https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_client.c#L1001-L1004
   https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_client.c#L1146

> 2. There is a mention that PreShared keys are used for session
> resumption in TLS1.3.

This is misleading.  In TLS 1.3, the PSKs and session tickets have
been internally unified into a single protocol mechanism.  This
internal detail is not something that users need to worry about.

> Can someone please clarify, how should I make my
> client send psk using openssl for subsequent connection?

This is not the right question.  SSL_set_session() is all you need
for session resumption.

-- 
	Viktor.


