Hi All,
I am in process of using TLS1.3 using openssl 1.1.1b version in my client
application. In order to use session resumption, I have implemented an external
cache when acting as the client. The key to the cache is combination of host
and port and the value associated is SSL_SESSION*. Before calling
ssl_connect, I am checking if the entry corresponding to the key exists in the
map. If it exists, I am calling SSL_set_session. After ssl_connect, I am
checking if the session is reused or not using SSL_Session_Reused. If its not
reused, I am inserting the new session obtained as a result of call to
SSL_get1_session() in the map.
Pseudo code is as follows:
std::map<std::string, SSL_SESSION*> sessionCache;/* Generate an SSL client
context. */SSL_CTX* ctx = SSL_CTX_new(TLS_method());SSL* ssl = SSL_new(ctx);
//Check if we have a stored session it = sessionCache.find (key);if (it !=
sessionCache.end()) { SSL_set_session (ssl, it->second)}
SSL_connect(ssl);int reUsed = SSL_session_reused(ssl);if (!reUsed) { session =
SSL_get1_session(ssl); sessionCache.insert (key, session);}
The above flow works well using TLS1.2. I can see that SSL_session_reused
returns true in the second connection.
But the same flow does not work for TLS1.3. In TLSv1.3, sessions are
established after the main handshake has completed. So, I have implemented the
callback SSL_CTX_sess_set_new_cb. And in the callback, I am storing the
session into the cache. In subsequent connections, the session is present in
the map, SSL_set_session API returns true. But SSL_session_reused is always
returning false.
I have the following queries:1. Is the above mentioned approach applicable for
TLS 1.3? 2. There is a mention that PreShared keys are used for session
resumption in TLS1.3. Can someone please clarify, how should I make my client
send psk using openssl for subsequent connection?
