Re: Will TLSv1.3 always send session ticket?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On 16/09/2021 07:19, Jaya Muthiah wrote:
As I can read from the documents mentioned below, "or not at all"
worries me. Is there a situation when a session ticket is not sent at
all (other than when reused)?

TLSv1.3 does not require the server to send any tickets if it decides not to. By default in OpenSSL a server will send 2 session tickets after a normal handshake, or 1 session ticket after a resumption handshake. There is nothing in the spec about that, so other libraries are very likely to have different policies and defaults.

In OpenSSL it is possible to configure the a server to set the number of tickets that are sent - including down to 0.

So, yes, there may be situations where the server does not send a session ticket.

Matt



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux