Dear All,
Openssl version used is 3.0.2 and TLS is 1.2
Currently in our product we are using "SSL_SESSION_get_id(SSL_get0_session((SSL *) m_pSsl), nullptr)" to get the SSL Session ID(session is getting created successfully).
But the session ID is coming as NULL(00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00).
Our server has been enabled with session caching using "SSL_set_not_resumable_session_callback".
Please provide us inputs on do we need to use any other flavor of the like SSL_SESSION_get0_id_context() instead of SSL_SESSION_get_id()
Regards,
Sethu V
-----Original Message-----
From: openssl-users <openssl-users-bounces@xxxxxxxxxxx> On Behalf Of Viktor Dukhovni
Sent: Friday, September 2, 2022 7:45 PM
To: openssl-users@xxxxxxxxxxx
Subject: Re: Session ID is coming as NULL in openSSL 3.0.2 and TLS 1.2 version
EXTERNAL EMAIL - Please use caution with links and attachments
On Fri, Sep 02, 2022 at 07:23:41AM +0000, Sethuraman Venugopal wrote:
> The SSL session is getting created successfully, but the session ID is
> coming as NULL, due to which the handshake is failing between the
> client and server.
Successful handshakes need not issue a non-empty session id. The server may not support resumption, or may support only ticket-based resumption and have no session cache.
Absence of a session id is NOT a failure, and your code must not require one.
https://datatracker.ietf.org/doc/html/rfc5077#section-3.4
> Please suggest me a solution for this issue.
Don't require a session id.
--
Viktor.
