Session ID or Session ticket?

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Session ID or Session ticket?

John Jiang
Hi,
I'm using OpenSSL 1.1.1

I just use the below s_client command to test resumption.
openssl s_client -CAfile CA.cer -tls1_2 -sess_in openssl.sess -connect localhost:9443

Is there any option to take this tool to use only session id or session ticket for resumption?

Thanks!
Reply | Threaded
Open this post in threaded view
|

Re: Session ID or Session ticket?

Matt Caswell-2


On 27/05/2019 08:17, John Jiang wrote:
> Hi,
> I'm using OpenSSL 1.1.1
>
> I just use the below s_client command to test resumption.
> openssl s_client -CAfile CA.cer -tls1_2 -sess_in openssl.sess -connect
> localhost:9443
>
> Is there any option to take this tool to use only session id or session ticket
> for resumption?


The behaviour obviously partly depends on what the server supports. An OpenSSL
client will always use session id based resumption if possible and there is no
ticket sent from the server. If a ticket is provided it will use that instead,
unless you supply the "-no_ticket" option to s_client - which disables all
ticket support on the client.

Matt