On Sun, Jun 09, 2019 at 10:39:36AM +0000, shalu dhamija wrote: > "The default number of tickets is 2; the default number of tickets sent > following a resumption handshake is 1". But in my case, following the > resumption handshake, I am always getting two session tickets from the > server. Is this behavior fine as it is server dependent. The behaviour is server-impementation dependent. If the server is not using OpenSSL, it might always return multiple tickets. This is IMHO unwise, because each resumption increases the number of available tickets without bound. In conversation with Matt Caswell he and I came up with the current OpenSSL design in which a client that uses a pool of N concurrent sessions *without* ticket re-use (each session repeatedly obtaining a "continuation" ticket) obtains the requisite tickets after N-1 full handshakes, at which point no excess tickets are delivered so long as the client's concurrency needs are met. Servers also have the (non-default) *option* of resuming sessions with a valid ticket *without* returning a new ticket. Postfix makes use of this option to vend exactly one ticket per full handshake, and not return any new tickets on resumption. Client MTAs that support resumption are expected to re-use tickets. -- Viktor.