Re: Getting SSL_SESSION remaining lifetime

On Thursday, 16 September 2021 16:28:47 CEST, Benjamin Kaduk wrote:
> On Thu, Sep 16, 2021 at 04:11:49PM +0200, Hubert Kario wrote:
>> On Thursday, 16 September 2021 04:41:44 CEST, Jaya Muthiah wrote:
>>>
>>> I am trying to get the remaining lifetime of the ticket so that the server
>>> can decide whether to renew the ticket or not.
>>
>> TLS 1.3 tickets are single use. If the ticket was used by a client, and
>> you expect it to make a connection in the future, the server needs to send
>> a new one.
>
> Single-use tickets are only a protocol requirement when 0-RTT data is used.
> The OpenSSL implementation even allows the libssl-internal enforcement of
> single-use to be disabled (see SSL_OP_NO_ANTI_REPLAY at
> https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_options.html).
> OpenSSL as a client also has some measures to encourage single-use tickets,
> which I have a PR open to provide a knob to disable:
> https://github.com/openssl/openssl/pull/16598 .

They're single use not only because of replay but also because of privacy
reasons, as reuse of a ticket indicates that the same client did send it.
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
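Added example, not part of the thread and not code from OpenSSL or any of the participants: it answers the question that opened the thread (how much lifetime a session has left) and encodes the renewal rule the replies arrive at. It uses the attributes Python's ssl.SSLSession exposes (time, timeout, ticket_lifetime_hint, has_ticket), which mirror OpenSSL's SSL_SESSION_get_time()/SSL_SESSION_get_timeout(); a real session comes from SSLSocket.session, the FakeSession below is a constructed stand-in so the module runs offline. The protocol-version string ("TLSv1.3") and the renew_below threshold are this example's own assumptions.

```python
"""Remaining lifetime of a TLS session and a ticket-renewal decision.

Added example (not from the thread). The attribute names follow
ssl.SSLSession: time, timeout, ticket_lifetime_hint, has_ticket.
"""
from dataclasses import dataclass
import time

# RFC 8446 section 4.6.1: servers MUST NOT advertise ticket_lifetime above 7 days.
RFC8446_MAX_TICKET_LIFETIME = 7 * 24 * 3600


@dataclass
class FakeSession:
    """Constructed stand-in carrying the same attributes as ssl.SSLSession."""
    time: int                 # creation time, seconds since the epoch
    timeout: int              # local resumption timeout in seconds
    ticket_lifetime_hint: int # lifetime advertised by the server's NewSessionTicket
    has_ticket: bool


def remaining_lifetime(session, now=None):
    """Seconds until the session can no longer be resumed (0 once expired).

    Both the local timeout and the server's advertised ticket lifetime are
    honoured; the shorter one wins. A hint above the RFC 8446 cap is clamped,
    since a conforming peer would not have sent it.
    """
    now = time.time() if now is None else now
    budget = session.timeout
    if session.has_ticket and session.ticket_lifetime_hint:
        hint = min(session.ticket_lifetime_hint, RFC8446_MAX_TICKET_LIFETIME)
        budget = min(budget, hint)
    return max(0, int(session.time + budget - now))


def should_issue_new_ticket(session, protocol_version, now=None, renew_below=300):
    """Server-side decision after a successful resumption.

    TLS 1.3 tickets are single use (anti-replay and unlinkability), so once a
    ticket has been presented the server must send a fresh one regardless of
    how much lifetime it had left. TLS 1.2 session tickets (RFC 5077) may be
    presented repeatedly, so renew only when fewer than renew_below seconds
    remain. protocol_version is the string SSLSocket.version() returns.
    """
    if protocol_version == "TLSv1.3":
        return True
    return remaining_lifetime(session, now) < renew_below


if __name__ == "__main__":
    # Constructed sample: created at t=1_000_000, 2h local timeout, 1h server hint.
    sess = FakeSession(time=1_000_000, timeout=7200,
                       ticket_lifetime_hint=3600, has_ticket=True)
    print(remaining_lifetime(sess, now=1_000_600))            # 3000
    print(should_issue_new_ticket(sess, "TLSv1.3", now=1_000_600))  # True
    print(should_issue_new_ticket(sess, "TLSv1.2", now=1_000_600))  # False
```

With a live connection, pass `sock.session` and `sock.version()` in place of the stand-in; note that for TLS 1.3 the remaining lifetime only tells the client whether a resumption attempt is worth making, not whether the server will still need to issue a replacement.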