On Thu, Sep 16, 2021 at 04:11:49PM +0200, Hubert Kario wrote:
> On Thursday, 16 September 2021 04:41:44 CEST, Jaya Muthiah wrote:
> >
> > I am trying to get the remaining lifetime of the ticket so that server
> > can decide to renew ticket or not
>
> TLS 1.3 tickets are single use. If the ticket was used by a client, and
> you expect it to make a connection in the future, server needs to send a new
> one.

Single-use tickets are only a protocol requirement when 0-RTT data is used. The OpenSSL implementation even allows the libssl-internal enforcement of single-use to be disabled (see SSL_OP_NO_ANTI_REPLAY at https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_options.html). OpenSSL as a client also has some measures to encourage single-use tickets, which I have a PR open to provide a knob to disable: https://github.com/openssl/openssl/pull/16598 .

-Ben