On Mon, Apr 23, 2018 at 09:34:18PM -0400, Viktor Dukhovni wrote:
>
> > On Apr 22, 2018, at 9:49 PM, Viktor Dukhovni <openssl-us...@dukhovni.org>
> > wrote:
> >
> > ----- Client-side diagnostics -----
>
> On the server side I see that even when the ticket callback returns "0" to
> accept and not re-issue the ticket, a new ticket is requested anyway. I'd
> like to be able to control this, and not issue new tickets when the present
> ticket is acceptable. If this requires new API entry points, I can condition
> them on a suitable min library version. But ideally the callback return
> value will be honoured, I don't yet see why we would not do that.

To be clear, the current draft explicitly says "Servers SHOULD issue new
tickets with every connection." This is not a MUST, but is perhaps strong
enough guidance to merit overriding the existing ticket callback semantics.

-Ben