Session ID is coming as "" (empy string) in openSSL 3.0.2 and TLS 1.2 version at client side

[Sethuraman Venugopal <Sethuraman.Venugopal@xxxxxxxxxxx>]

Dear All,

 

Dear All,

 

In our project below are the openssl and TLS version we are consuming it

 

OpenSSL Version : OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)

TLS Version : 1.2

Message Digest : SHA256

 

Problem Statement : The SSL session is getting created successfully at client/server side , but the session ID is coming as “”(empty string) at client side.

 

Below settings has been done

 

1. we have disabled session ticketing and SSLv3. at server/client side
2. SSL_set_not_resumable_session_callback and SSL_CTX_set_not_resumable_session_callback has been made to return “0” at server/client side.

 

Code Snippet and Logs for your reference

 

memcpy (&m_ServerChallenge[0],

SSL_SESSION_get_id(SSL_get0_session((SSL *) m_pSsl), nullptr),

CHALLENGE_LENGTH);

 

The above is the code snippet used to get the SSL session ID used in our client

 

Below are the values logged for your reference.

 

01:21:14.369[1e64][Warning] SslNonCertificateConnectTransport             : The pSsl Value is                                                                                                                                           : [03B3A808]

01:21:14.369[1e64][Warning] SslNonCertificateConnectTransport             : The SSL Session value SSL_get0_session((SSL *) m_pSsl)                                                            : [03B47B48]

01:21:14.369[1e64][Warning] SslNonCertificateConnectTransport           : The Session ID is SSL_SESSION_get_id(SSL_get0_session((SSL *) m_pSsl), nullptr)               : []

 

Please suggest me a solution for this issue.

 

Kindlly let me know in case of any further inputs required.

 

Regards,

Sethu V