On Thu, May 05, 2022 at 08:36:36PM -0400, Ted Unangst wrote: > On 2022-05-05, Ted Unangst wrote: > > On 2022-05-05, Theo Buehler wrote: > > > On Thu, May 05, 2022 at 10:59:45AM +0200, Hiltjo Posthuma wrote: > > > > Is this option currently enabled and working? I haven't been able to see > > > > session resumption being used when testing uses OpenBSD ftp. > > > > > > Yes, it works, but only with TLSv1.2. For TLSv1.3 this needs support for > > > PSK, which is not currently implemented. > > > > Should we default to TLS 1.2 if the user requests session resumption and > > doesn't otherwise specify version? > > Okay, I was a little confused. libtls already does this. > > If you request session support, it drops to tls 1.2. Everything seems fine.
It does not. If you pass -S session=mysession.pem to ftp and the server talks TLSv1.3, you get a TLSv1.3 session on disk which you can't resume due to lack of PSK support. This is what triggered this question. Once you have a resumable session on disk, libtls will resume it automatically, but that currently means the initial connection must have used the legacy stack. While we could readily make libssl fall back to the legacy stack if SSL_OP_NO_TICKET is disabled, I don't think this optimization outweighs the overall benefit of TLSv1.3 - better protocol, cleaner code. The real fix is to implement PSK support. It will come at some point.
