Confused about client side session caching

Confused about client side session caching

Angus Robertson - Magenta Systems Ltd
I'm reading the TLSv1.3 notes that suggest SSL_CTX_sess_set_get_cb is
called for both clients and servers, but am confused by the
documentation.

The 1.1.1 manual page still starts 'provide callback functions for
server side external session caching' with no mention of clients.  

I'm updating code that supports 1.0.2 to 1.1.1 for external session
caching, for clients and servers, so particularly interested when
client session callbacks arrived.  

The TLSv1.3 notes suggest the callback worked for clients in 1.1.0, a
quick test suggests it actually gets called in 1.0.2 as well.  Is this
correct?

Has OpenSSL internal session caching improved over the years so that
external caching is no longer necessary?  

Angus


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: Confused about client side session caching

Matt Caswell-2


On 07/06/18 19:48, Angus Robertson - Magenta Systems Ltd wrote:
> I'm reading the TLSv1.3 notes that suggest SSL_CTX_sess_set_get_cb is
> called for both clients and servers, but am confused by the
> documentation.
>

The get_session_cb is only ever called for servers. The new_session_cb
and remove_session_cb can be called for clients and servers.

When you refer to the "TLSv1.3 notes" do you mean this page?
https://wiki.openssl.org/index.php/TLS1.3

I couldn't see anywhere on there that suggests that get_session_cb is
called on clients.

> The 1.1.1 manual page still starts 'provide callback functions for
> server side external session caching' with no mention of clients.  

Ah, good point. That needs fixing. As I said above the new_session_cb
and remove_session_cb can be called for clients.

>
> I'm updating code that supports 1.0.2 to 1.1.1 for external session
> caching, for clients and servers, so particularly interested when
> client session callbacks arrived.  
>
> The TLSv1.3 notes suggest the callback worked for clients in 1.1.0, a
> quick test suggests it actually gets called in 1.0.2 as well.  Is this
> correct?

I think new_session_cb and remove_session_cb should work in 1.0.2 on
clients.

> Has OpenSSL internal session caching improved over the years so that
> external caching is no longer necessary?  

Not much has changed here. It was never "necessary" on the server side -
but of course it depends on what you are trying to do and whether it is
appropriate for your needs. Client side caching is a bit more "limited"
in its usefulness :-)

Matt

Re: Confused about client side session caching

Angus Robertson - Magenta Systems Ltd
> The get_session_cb is only ever called for servers. The
> new_session_cb and remove_session_cb can be called for clients and
> servers.
>
> When you refer to the "TLSv1.3 notes" do you mean this page?
> https://wiki.openssl.org/index.php/TLS1.3

Yes, sorry I should have said SSL_CTX_sess_set_new_cb not set_get_cb.  

> I think new_session_cb and remove_session_cb should work in 1.0.2
> on clients.

Good, that ties in with my testing, just not with the notes where you
said it worked for clients in 1.1.0, suggesting it might have been
introduced then.  

Angus


Re: Confused about client side session caching

Matt Caswell-2


On 08/06/18 10:18, Angus Robertson - Magenta Systems Ltd wrote:

>> The get_session_cb is only ever called for servers. The
>> new_session_cb and remove_session_cb can be called for clients and
>> servers.
>>
>> When you refer to the "TLSv1.3 notes" do you mean this page?
>> https://wiki.openssl.org/index.php/TLS1.3
>
> Yes, sorry I should have said SSL_CTX_sess_set_new_cb not set_get_cb.  
>
>> I think new_session_cb and remove_session_cb should work in 1.0.2
>> on clients.
>
> Good, that ties in with my testing, just not with the notes where you
> said it worked for clients in 1.1.0, suggesting it might have been
> introduced then.  

Ah, no. It wasn't the intention to imply that. I amended the text on the
wiki page.

Matt


Re: Confused about client side session caching

Viktor Dukhovni
In reply to this post by Matt Caswell-2


> On Jun 8, 2018, at 4:03 AM, Matt Caswell <[hidden email]> wrote:
>
> I think new_session_cb and remove_session_cb should work in 1.0.2 on
> clients.

This has worked since before 0.9.8.

--
        Viktor.
