On Thu, Jul 23, 2015 at 08:21:11PM +0000, Viktor Dukhovni wrote: > Postfix happily sends session tickets and resuming sessions even > though it is using SSLv23_client_method(), and there is no server-side > session cache (I made sure the client connets to a different server > process between the initial handshake and the resumption, and that > there is no "external" cache configured.) Output summary:
I'd assume this is with the more standard TLS SessionTicket which is not what EAP-FAST is.. > The order of events is: > > /* Once only */ > ctx = SSL_CTX_new(SSLv23_client_method()); > > /* Per connection */ > ssl = SSL_new(ctx); > > /* Protocol support varies per server, so not set via global context */ > SSL_set_options(...); This is all same.. > /* restore appropriate session from the client cache */ > session = ... ; > if (session) > SSL_set_session(ssl, session); > > SSL_connect(ssl); While this is not. > What are you doing to associate a previous session with a new SSL > connection? With EAP-FAST, I don't really have a cached session in this sense for deriving the keys and information for ClientHello. Instead of SSL_set_session(), I'm only calling SSL_set_session_ticket_ext() before SSL_connect() to provide the externally (to OpenSSL) stored SessionTicket data. With TLSv1_method(), this data goes out in ClientHello; with SSLv23_method() it does not (only an empty request for standard session ticket included, not the SessionTicket from EAP-FAST PAC data). If I were to store the TLS session during which the EAP-FAST PAC was provisioned and then issue SSL_set_session() with it here, I would indeed get abbreviated handshake with that session (non-empty Session ID in ClientHello), but that's not how EAP-FAST works. The Session ID is supposed to be empty here and instead of the standard session ticket mechanism, the keys get from SSL_set_session_secret_cb() registered callback function which derives the secret in EAP-FAST specific way (master_secret = T-PRF(PAC-Key, "PAC to master secret label hash", server_random + client_random, 48)). -- Jouni Malinen PGP id EFC895FA _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
