[ 
https://issues.apache.org/jira/browse/TS-3742?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14616035#comment-14616035
 ] 

ASF GitHub Bot commented on TS-3742:
------------------------------------

Github user bgaff commented on a diff in the pull request:

    https://github.com/apache/trafficserver/pull/241#discussion_r34001015
  
    --- Diff: iocore/net/SSLUtils.cc ---
    @@ -308,8 +308,10 @@ set_context_cert(SSL *ssl)
       if (ctx != NULL) {
         SSL_set_SSL_CTX(ssl, ctx);
     #if HAVE_OPENSSL_SESSION_TICKETS
    -    // Reset the ticket callback if needed
    -    SSL_CTX_set_tlsext_ticket_key_cb(ctx, ssl_callback_session_ticket);
    +    if (SSL_CTX_get_options(ctx) & SSL_OP_NO_TICKET) {
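Review bot: the test on the added line `if (SSL_CTX_get_options(ctx) & SSL_OP_NO_TICKET) {` is true when tickets are disabled on the context, so if the block it opens (not visible in this hunk) installs ssl_callback_session_ticket, the sense is inverted. The callback should be set only when the flag is clear, for example `if (!(SSL_CTX_get_options(ctx) & SSL_OP_NO_TICKET)) {`. The removed comment also has no replacement; a one-line comment stating that the callback is only reset for contexts with tickets enabled would document the intent.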
    --- End diff --
    
    I'm not sure this is correct:
    
    SSL_OP_NO_TICKET
    Normally clients and servers will, where possible, transparently make use
    of RFC4507bis tickets for stateless session resumption.
    
    If this option is set this functionality is disabled and tickets will not
    be used by clients or servers.


> ATS advertises TLS ticket extension even when disabled
> ------------------------------------------------------
>
>                 Key: TS-3742
>                 URL: https://issues.apache.org/jira/browse/TS-3742
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: SSL
>            Reporter: Susan Hinrichs
>            Assignee: Susan Hinrichs
>
> Noted by [~hreindl].  Even if you have ssl_ticket_enabled=0 on the relevant 
> line in ssl_multicert.config, the Server Hello message will still contain the 
> ticket tls extension.
> The problem is the code is blindly resetting the ticket callback on the 
> context.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
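
A regression check for the behaviour described in TS-3742, as an added example that is not code from Traffic Server or the pull request: it parses a captured ServerHello handshake message and reports whether the session_ticket extension (type 35) is present. The function name, macro names and sample bytes are constructed for illustration, and the input is assumed to be one unencrypted ServerHello starting at the handshake header (no record-layer header).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EXT_SESSION_TICKET 35 /* session_ticket extension type (RFC 5077) */

/* Returns 1 if the ServerHello carries extension `want`, 0 if it does not,
 * -1 if the buffer is not a well-formed ServerHello handshake message. */
int server_hello_has_ext(const uint8_t *p, size_t n, uint16_t want)
{
    if (n < 4 || p[0] != 0x02) return -1;        /* msg_type: server_hello */
    size_t body = ((size_t)p[1] << 16) | ((size_t)p[2] << 8) | p[3];
    if (body != n - 4) return -1;
    size_t off = 4 + 2 + 32;                     /* header, version, random */
    if (off + 1 > n) return -1;
    off += 1 + (size_t)p[off];                   /* session_id */
    off += 2 + 1;                                /* cipher suite, compression */
    if (off > n) return -1;
    if (off == n) return 0;                      /* no extensions block at all */
    if (off + 2 > n) return -1;
    size_t ext_len = ((size_t)p[off] << 8) | p[off + 1];
    off += 2;
    if (ext_len != n - off) return -1;
    while (off < n) {                            /* walk type/length/value entries */
        if (off + 4 > n) return -1;
        uint16_t type = (uint16_t)((p[off] << 8) | p[off + 1]);
        size_t len = ((size_t)p[off + 2] << 8) | p[off + 3];
        off += 4;
        if (len > n - off) return -1;
        if (type == want) return 1;
        off += len;
    }
    return 0;
}

#define ZERO32 0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0
/* Constructed samples: TLS 1.2 ServerHello, zeroed random, empty session id. */
static const uint8_t SH_WITH_TICKET[] = {       /* renegotiation_info + session_ticket */
    0x02, 0x00, 0x00, 0x31, 0x03, 0x03, ZERO32, 0x00, 0xc0, 0x2f, 0x00,
    0x00, 0x09, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x23, 0x00, 0x00 };
static const uint8_t SH_NO_TICKET[] = {         /* renegotiation_info only */
    0x02, 0x00, 0x00, 0x2d, 0x03, 0x03, ZERO32, 0x00, 0xc0, 0x2f, 0x00,
    0x00, 0x05, 0xff, 0x01, 0x00, 0x01, 0x00 };

int main(void)
{
    printf("with ticket: %d\n", server_hello_has_ext(SH_WITH_TICKET, sizeof SH_WITH_TICKET, EXT_SESSION_TICKET));
    printf("no ticket:   %d\n", server_hello_has_ext(SH_NO_TICKET, sizeof SH_NO_TICKET, EXT_SESSION_TICKET));
    return 0;
}
```

With ssl_ticket_enabled=0 on the matching ssl_multicert.config line, a fixed server's ServerHello should make this return 0.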
