On 2022-05-05, Ted Unangst wrote: > On 2022-05-05, Theo Buehler wrote: > > On Thu, May 05, 2022 at 10:59:45AM +0200, Hiltjo Posthuma wrote: > > > Is this option currently enabled and working? I haven't been able to see > > > session resumption being used when testing uses OpenBSD ftp. > > > > Yes, it works, but only with TLSv1.2. For TLSv1.3 this needs support for > > PSK, which is not currently implemented. > > Should we default to TLS 1.2 if the user requests session resumption and > doesn't otherwise specify version?
Okay, I was a little confused. libtls already does this. If you request session support, it drops to tls 1.2. Everything seems fine.
