On Tue, Apr 24, 2018 at 10:21:28AM -0400, Viktor Dukhovni wrote:
>
>
> > On Apr 24, 2018, at 9:29 AM, Benjamin Kaduk wrote:
> >
> > To be clear, the current draft explicitly says "Servers SHOULD issue
> > new tickets with every connection." This is not a MUST, but is
> >
On Mon, Apr 23, 2018 at 09:34:18PM -0400, Viktor Dukhovni wrote:
>
>
> > On Apr 22, 2018, at 9:49 PM, Viktor Dukhovni
> > wrote:
> >
> > - Client-side diagnostics -
>
> On the server side I see that even when the ticket callback returns "0" to
> accept
> On Apr 22, 2018, at 9:49 PM, Viktor Dukhovni
> wrote:
>
> - Client-side diagnostics -
On the server side I see that even when the ticket callback returns "0" to
accept and not re-issue the ticket, a new ticket is requested anyway. I'd like
to be able
I tested a Postfix server and client built against OpenSSL 1.1.0,
using 1.1.1 run-time libraries. This exercised peer certificate
fingerprint matching and session resumption. No major issues.
The only interesting observations are:
* With TLS 1.3 a new session is generated even sessions are
On 23/04/18 02:49, Viktor Dukhovni wrote:
>
> I tested a Postfix server and client built against OpenSSL 1.1.0,
> using 1.1.1 run-time libraries. This exercised peer certificate
> fingerprint matching and session resumption. No major issues.
>
> The only interesting observations are:
>
>