On Fri, Jul 14, 2017 at 2:54 AM, Matt Caswell <m...@openssl.org> wrote:
> > > On 13/07/17 23:52, Neetish Pathak wrote: > > Hi All, > > Help with these queries please, > > > > 1) Is it possible to use external session files (with session info as > > identifiers or tickets for out of band resumption) for session > > resumption in TLS 1.2. Does it need some kind of callback like the way > > it is used in TLS 1.3 with (SSL_set_psk_find_session_callback) / > > SSL_set_psk_use_session_callback > > I'm not entirely clear what you're asking here. The callbacks you > mention are for setting up an external PSK in TLSv1.3. In TLSv1.3 we use > an SSL_SESSION object to encapsulate the PSK details. This is different > to session resumption, where the server sends the session details in a > NewSessionTicket message in one connection, so that we can "resume" it > in a later connection. > > So if your question is really "can you external session files for PSK in > TLSv1.2" then the answer is no. PSK works completely differently in > TLSv1.2. > Thanks Matt, Apologies for ambiguity in the question What I mean to ask is it possible to use out of band resumption in TLS 1.2? How I perform the resumption in my programs using TLS 1.2 is as follows : 1) Connect client to the server for the first time 2) when the server sends session id or tickets as the case may be, new_session_callback is invoked on the client side and I save the session in a pem file using PEM_write_bio_SSL_SESSION 3)Now when connecting client to the server next time, I read the session from the pem file and set using SSL_set_session. 4)Session resumption is initiated from the client side and the server works as expected since it had been caching the session and was not killed. I observe that the second connection (and subsequent connections) takes place using resumption. As per my understanding, this is called in-band resumption Now my question is if, I kill the server. I re-initialze the server and want to use the session(pem) file to connect to the server (this is a fresh connection which should take place using resumption). In that case, I will need to set the session on both the ends right? Is this approach correct? In that case, how should one implement it. This is out-of-band resumption for TLS 1.2 as per my understanding. Please correct me if I am wrong Thanks Best Regards, Neetish Thanks > > > > 2) In TLS 1.3, is early data not enabled for out of band PSK session > > resumption. Is it only possible with in-band session resumption. > > SSL_write_early_data always fails when I load a session from a session > > file to perform external PSK resumption before sending the session data. > > For in-band resumption it succeeds. > > Currently we only support early-data for ticket based resumption. You > cannot do it with an external PSK. However this PR (which is currently > going through review) will add that capability: > > https://github.com/openssl/openssl/pull/3926 > > Matt > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users