On Thu, Sep 15, 2022 at 01:16:33PM +0000, Fries, Steffen wrote:

> I was just double checking if there was an answer to the question of
> using the TLS renegotiation extension from RFC 5746 in the context of
> TLS session resumption. As stated below, based on the RFC it is not
> crystal clear if it applies. In general I would think yes, but only
> for session resumption based on the sessionID, not based on tickets.

There should be no difference between (server-side) stateful and
stateless resumption. The server should serialise into the session
ticket sufficient information to allow it to fully recover the session,
as though it were cached locally to facilitate stateful resumption.

This is the case at least with OpenSSL: the session ticket contains an
encrypted and MACed serialised SSL_SESSION object, in exactly the same
form as it would have in a server-side session cache.

--
    Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
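
A simplified model of the point made in the reply above, added here as an example and not taken from the thread or from OpenSSL: the same serialised session blob is either kept in a server-side cache under a session ID or handed to the client as an encrypted and MACed ticket, and both paths recover identical state. The field names, the `Server` class and the SHA-256 counter-mode keystream (a standard-library stand-in for a real cipher) are assumptions.

```python
import hashlib, hmac, json, os

# Constructed session state; field names are illustrative, not OpenSSL's SSL_SESSION layout.
SESSION = {"version": "TLS1.2", "cipher": "ECDHE-RSA-AES128-GCM-SHA256",
           "master_secret": "00" * 48, "extended_master_secret": True}

def serialise(state):
    return json.dumps(state, sort_keys=True).encode()

def _keystream(key, nonce, n):
    # Stand-in stream cipher (SHA-256 in counter mode) so the example needs only the stdlib.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

class Server:
    def __init__(self):
        self.cache = {}                      # stateful: session ID -> serialised session
        self.enc_key = os.urandom(32)        # stateless: ticket encryption key
        self.mac_key = os.urandom(32)        # stateless: ticket MAC key

    def store_stateful(self, state):
        sid = os.urandom(32)
        self.cache[sid] = serialise(state)
        return sid

    def resume_stateful(self, sid):
        blob = self.cache.get(sid)
        return json.loads(blob) if blob else None

    def issue_ticket(self, state):
        nonce, pt = os.urandom(16), serialise(state)   # same blob as the cache entry
        ct = bytes(a ^ b for a, b in zip(pt, _keystream(self.enc_key, nonce, len(pt))))
        tag = hmac.new(self.mac_key, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag                        # encrypt-then-MAC

    def resume_ticket(self, ticket):
        if len(ticket) < 48:
            return None
        nonce, ct, tag = ticket[:16], ticket[16:-32], ticket[-32:]
        expect = hmac.new(self.mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):
            return None                                # forged or corrupted: full handshake
        pt = bytes(a ^ b for a, b in zip(ct, _keystream(self.enc_key, nonce, len(ct))))
        return json.loads(pt)
```

Because the ticket is verified before it is decrypted, a modified ticket is rejected and the server falls back to a full handshake, just as it would for an unknown session ID.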