Hi Viktor,
Thanks for your response. In my code, somehow, the ssl_read was not getting called (due to some bug), due to which the session ticket was not being read, resulting in no callback. I have fixed it and it's working now.
Now the resumption using TLS1.3 is working fine but I want to clarify the following behavior:
As per openssl documentation:
'The default number of tickets is 2; the default number of tickets sent following a resumption handshake is 1'. (https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_num_tickets.html)
But in my case, following the resumption handshake, I am always getting two session tickets from the server. Is this behavior fine, as it is server dependent?
Regards,
Shalini Dhamija
On Thursday, 16 May, 2019, 10:10:57 pm IST, Viktor Dukhovni <openssl-users@xxxxxxxxxxxx> wrote:
On Thu, May 16, 2019 at 04:22:13PM +0000, shalu dhamija via openssl-users wrote:
> But the same flow does not work for TLS1.3. In TLSv1.3, sessions are
> established after the main handshake has completed. So, I have implemented
> the callback SSL_CTX_sess_set_new_cb. And in the callback, I am storing
> the session into the cache. In subsequent connections, the session is
> present in the map, SSL_set_session API returns true. But SSL_session_reused
> is always returning false.
This is not expected, perhaps your code is not quite right.
> I have the following queries:
> 1. Is the above mentioned approach applicable for TLS 1.3?
Yes. It works, for example, in Postfix:
https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_client.c#L543-L547
https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_client.c#L1001-L1004
https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_client.c#L1146
> 2. There is a mention that PreShared keys are used for session
> resumption in TLS1.3.
This is misleading. In TLS 1.3, the PSKs and session tickets have
been internally unified into a single protocol mechanism. This
internal detail is not something that users need to worry about.
> Can someone please clarify, how should I make my
> client send psk using openssl for subsequent connection?
This is not the right question. SSL_set_session() is all you need
for session resumption.
--
Viktor.
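The behaviour this thread pins down (in TLS 1.3 the session ticket arrives after the handshake, so a client that never reads from the connection never caches a session and never resumes) shown as an added example, written here with Go's standard-library crypto/tls rather than OpenSSL; it is not code from the thread or from Postfix. Go's ClientSessionCache plays the role of the store filled from SSL_CTX_sess_set_new_cb, Read the role of SSL_read, and ConnectionState().DidResume the role of SSL_session_reused; the in-process server, the constructed self-signed certificate and the function names are my own assumptions.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"time"
)
// selfSigned builds a constructed, throw-away "localhost" certificate so the demo runs offline.
func selfSigned() (tls.Certificate, *x509.CertPool) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"localhost"},
		Subject: pkix.Name{CommonName: "localhost"}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pool
}
// connect dials, optionally drains the connection until the server closes it, and reports whether the
// handshake resumed. NewSessionTicket is post-handshake in TLS 1.3: it is parsed and cached only on Read.
func connect(addr string, cfg *tls.Config, read bool) (bool, error) {
	c, err := tls.Dial("tcp", addr, cfg)
	if err != nil { return false, err }
	defer c.Close()
	if read { io.Copy(io.Discard, c) } // consumes the ticket record(s), then the server's close_notify
	return c.ConnectionState().DidResume, nil
}
// ResumeDemo runs an in-process TLS 1.3 server that handshakes and closes, then connects three times with
// one shared client cache: no read (ticket lost, next handshake still full), read (cached), read (resumed).
func ResumeDemo() (resumed [3]bool, err error) {
	cert, pool := selfSigned()
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS13})
	if err != nil { return }
	defer ln.Close()
	go func() { // server side: the NewSessionTicket is sent inside Handshake, before Close
		for c, e := ln.Accept(); e == nil; c, e = ln.Accept() { go func(c *tls.Conn) { c.Handshake(); c.Close() }(c.(*tls.Conn)) }
	}()
	cfg := &tls.Config{RootCAs: pool, ServerName: "localhost", MinVersion: tls.VersionTLS13, ClientSessionCache: tls.NewLRUClientSessionCache(8)}
	for i, read := range []bool{false, true, true} {
		if resumed[i], err = connect(ln.Addr().String(), cfg, read); err != nil { return }
	}
	return
}
func main() { fmt.Println(ResumeDemo()) } // prints [false false true] <nil>
```

The first connection closes without reading and so behaves exactly like the client in the original report: the ticket is never consumed, and the following handshake is a full one.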