On 07/30 08:06, Theo Buehler wrote:
> On Wed, Jul 29, 2020 at 02:57:33PM -0700, Jeremy Evans wrote:
> > After an OpenBSD upgrade, one of Ruby's tests for SSL session
> > reuse started to fail.  After some debugging, I have found that
> > if a maximum SSL version is not set by a client, then session
> > reuse does not work.  Setting a minimum version does not have
> > an effect.
> 
> This is an expected side-effect of switching TLS_method() to default to
> TLSv1.3
> 
> https://github.com/openbsd/src/commit/94149d15d762bdbf7eef74c417c53d2b8dc7dd12
> 
> By setting the max version to TLSv1 with :TLS1 (or any of the other
> defined versions :TLS1_1 or :TLS1_2), you use the legacy stack which
> supports session resumption. The minimum version is already TLSv1, so
> setting the minimum version to :TLSv1 has no effect.
> 
> In TLSv1.3, the session resumption feature has been merged with
> pre-shared keys, which we may eventually support, but that's not going
> to happen very soon:
> 
> https://tools.ietf.org/html/rfc8446#page-15

Theo,

Thank you very much for the information.  I'll try to get a change
committed upstream now that I know the behavior is expected.

Thanks,
Jeremy
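
The check discussed in this thread, as an added example that is not code from the thread or from Ruby's test suite: a client connects twice to a local TLS server, offers the first session on the second connection, and reports whether it was reused. The helper names (`start_server`, `handshake`, `reuse_check`) and the self-signed certificate are constructed for illustration; passing `nil` leaves the maximum version unset, and the result in that case depends on the TLS library Ruby is linked against.

```ruby
require "openssl"
require "socket"
# Local TLS echo server with a constructed, throwaway self-signed certificate.
def start_server
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=localhost")
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.key, ctx.cert = key, cert
  ctx.session_id_context = "reuse-demo"
  server = OpenSSL::SSL::SSLServer.new(TCPServer.new("127.0.0.1", 0), ctx)
  Thread.new do
    loop do
      conn = server.accept
      conn.puts(conn.gets)
      conn.close
    rescue OpenSSL::SSL::SSLError, SystemCallError, IOError # skip failed handshakes
    end
  end
  server.to_io.addr[1] # ephemeral port chosen by the kernel
end

# One handshake; returns [session_reused?, session, negotiated version].
def handshake(port, max_version, session = nil)
  ctx = OpenSSL::SSL::SSLContext.new # no peer verification: throwaway local cert only
  ctx.max_version = max_version if max_version # nil leaves the maximum unset
  ssl = OpenSSL::SSL::SSLSocket.new(TCPSocket.new("127.0.0.1", port), ctx)
  ssl.sync_close = true
  ssl.session = session if session
  ssl.connect
  ssl.puts "ping"
  ssl.gets # one round trip so post-handshake messages are processed
  [ssl.session_reused?, ssl.session, ssl.ssl_version]
ensure
  ssl&.close
end

# Connect twice, offering the first connection's session on the second.
def reuse_check(max_version)
  port = start_server
  session = handshake(port, max_version)[1]
  handshake(port, max_version, session).values_at(0, 2)
end

p reuse_check(OpenSSL::SSL::TLS1_2_VERSION) if __FILE__ == $0
```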
