On 08/11/2022 06:09, Sethuraman Venugopal wrote:
Dear Team,
*Problem Statement* : The session is resumable, but the session still
does not have any tickets after calling SSL_CTX_sess_set_new_cb() and
SSL_new_session_ticket().
We are using the methods *TLS_server_method* and *TLS_client_method* at
the server and client level respectively.
Please guide me in getting the session ticket at server and client level.
*Code snippet and the output at server side*
printf("\n The session resumable is : [%d]", SSL_SESSION_is_resumable(SSL_get_session(ssl)));
*Output* : The session resumable is : [1]
// set a callback function to be triggered when a session ticket is sent to the client
SSL_CTX_sess_set_new_cb(ctx, new_session_cb);
printf("\nThe new session ticket : [%d]", SSL_new_session_ticket(ssl));
This requests that a new session ticket be sent, but doesn't actually
send it yet. From the docs:
"SSL_new_session_ticket() is used by a server application to request
that a new ticket be sent when it is safe to do so. New tickets are only
allowed to be sent in this manner after the initial handshake has completed,
and only for TLS 1.3 connections. By default, the ticket generation and
transmission are delayed until the server is starting a new write operation,
so that it is bundled with other application data being written and properly
aligned to a record boundary."
So, this will only work if you have negotiated TLSv1.3, and the ticket
will only be sent the next time you call `SSL_write()`.
*Output* : The new session ticket : [1]
printf("\nThe session has ticket [%d]", SSL_SESSION_has_ticket(SSL_get0_session(ssl)));
*Output* : The session has ticket [0]
*// Able to set the ticket appdata at server and able to retrieve the
value at server level but not at client level*
SSL_SESSION_set1_ticket_appdata(SSL_get_session(ssl), m_ServerChallenge, 32);
Ticket app data gets encrypted into the session ticket when the server
creates it. The client never decrypts a session ticket - it's just a
"blob" of data. App data set on the server side is not accessible to the
client.
Matt
// get0: the library hands back a pointer into the session's own copy of the
// app data (not a caller-owned 32-byte buffer), so pass a void ** and a size_t *
void *m_ServerChallenge1 = NULL;
size_t sid_ctx_len1 = 0;
SSL_SESSION_get0_ticket_appdata(SSL_get_session(ssl), &m_ServerChallenge1, &sid_ctx_len1);
*// Able to print the above value at server side, but not able to get the
same at client side.*
Regards,
Sethu V