On Thu, Sep 16, 2021 at 12:20:05PM -0400, Viktor Dukhovni wrote: > > I don't recall whether OpenSSL makes any effort to or supports deferring > the transmission of session tickets until just before the first > application data transmission from server to client (or else perhaps > just before responding to a received close-notify with a reciprocal > close-notify) It's not the default behavior, but is supported: you can configure the SSL/SSL_CTX to send zero tickets by default and then manually call SSL_new_session_ticket(), which defers the transmission until there is another write or explicit SSL_do_handshake() call. -Ben
