On Thu, Aug 10, 2023 at 03:56:31PM +0000, Mohammad Zolfaghari wrote:
> Openssl documentation explicitly says "SSL_set_session() is only
> useful for TLS/SSL clients" while we are transferring the session on
> the server side from one process to the another. Do you still think
> that using the session on the server side can prevent us from
> duplicating the key agreement phase?
The above is not very clear, but I'm guessing you're talking about TLS
session resumption across processes. Yes, this possible, by
implementing external session cache callbacks (as e.g. in Postfix where
multiple SMTP server processes consult a common session cache maintained
by the tlsmgr(8) helper process).
This requires the client to perform a second handshake, either over a
new connection, or after performing a two-way TLS shutdown on the
existing socket, and starting a fresh handshake, with, presumably at
that point, the second server process.
Note that in TLS 1.3 session resumption still in practice performs a DH
key exchange in most cases, you just get to avoid signing the key
exchange. You can, in principle arrange to configure only psk_ke (and
not psk_dhe_ke) on both ends, and then get a resumption without the cost
of a fresh DH key exchange, but this only works with coöperating
clients. Importantly, *all* clients then need to be happy to do psk_ke,
or else you get handshake failures.
You're wading into the deep end of the pool, perhaps you should stick
with more simple solutions.
--
Viktor.
