On Mon, Apr 23, 2018 at 09:34:18PM -0400, Viktor Dukhovni wrote:
> 
> 
> > On Apr 22, 2018, at 9:49 PM, Viktor Dukhovni <openssl-us...@dukhovni.org> wrote:
> > 
> > ----- Client-side diagnostics -----
> 
> On the server side I see that even when the ticket callback returns "0" to 
> accept and not re-issue the ticket, a new ticket is requested anyway.  I'd 
> like to be able to control this, and not issue new tickets when the present 
> ticket is acceptable.  If this requires new API entry points, I can condition 
> them on a suitable min library version.  But ideally the callback return 
> value will be honoured, I don't yet see why we would not do that.

To be clear, the current draft explicitly says "Servers SHOULD issue
new tickets with every connection."  This is not a MUST, but is
perhaps strong enough guidance to merit overriding the existing
ticket callback semantics.

-Ben
_______________________________________________
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project
