[gnutls-help] Repeated session resumption with TLS tickets

Nikos Mavrogiannopoulos nmav at gnutls.org
Tue Feb 24 10:26:04 CET 2015


On Tue, Feb 24, 2015 at 12:55 AM, Ross Lagerwall
<rosslagerwall at gmail.com> wrote:
> Hi,
> glib-networking (which uses gnutls) has a session cache such that after
> a connection handshake completes, it uses gnutls_session_get_data2 to
> retrieve and keep the session data. When another connection begins, it
> uses gnutls_session_set_data to reuse the data.
> However, this does not work properly with TLS tickets.  After a session is
> resumed, the TLS tickets get stored in "resumed session data" which is
> not subsequently packed into the TLS session data again.  Because of
> this, the third connection to a particular server is not properly resumed
> because the session data is missing the TLS tickets.
> I can change the code to only cache the session data if the session was
> not resumed, but I'd like to know if this is the correct thing to do or
> if gnutls should instead always store the TLS tickets in the session
> data?

This was the intention. The data should be saved when in non-resumed
sessions only. I'll try to make that clean in the documentation. If
you have any suggestions on that matter, they are welcome.

regards,
Nikos
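
An added illustration of the caching rule confirmed above (not code from glib-networking or GnuTLS): a constructed C model in which `struct blob` and `struct conn` stand in for the session data and the session, and data exported from a resumed session lacks the ticket, as reported in the thread. It assumes the server keeps accepting the original ticket; in a real client the check would be gnutls_session_is_resumed() before calling gnutls_session_get_data2().

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model types, not GnuTLS types. */
struct blob { bool valid; bool has_ticket; };          /* exported session data */
struct conn { bool resumed; struct blob exportable; }; /* one finished handshake */

/* Model of a handshake: resumption succeeds only if the offered data carries
 * a ticket, and data exported from a resumed session lacks the ticket
 * (the behaviour reported in the thread). */
static struct conn handshake(const struct blob *offered)
{
    struct conn c;
    c.resumed = offered && offered->valid && offered->has_ticket;
    c.exportable.valid = true;
    c.exportable.has_ticket = !c.resumed;
    return c;
}

/* Cache update policy. With only_full set, data from a resumed session never
 * replaces the blob saved after the full handshake. */
static void cache_update(struct blob *cache, const struct conn *c, bool only_full)
{
    if (only_full && c->resumed)
        return;
    *cache = c->exportable;
}

/* Run n connections to one server and return how many were resumed. */
int count_resumed(int n, bool only_full)
{
    struct blob cache = { false, false };
    int resumed = 0;
    for (int i = 0; i < n; i++) {
        struct conn c = handshake(cache.valid ? &cache : NULL);
        resumed += c.resumed ? 1 : 0;
        cache_update(&cache, &c, only_full);
    }
    return resumed;
}

int main(void)
{
    printf("cache after every handshake: %d of 5 resumed\n", count_resumed(5, false));
    printf("cache after full handshakes: %d of 5 resumed\n", count_resumed(5, true));
    return 0;
}
```

In the model, caching after every handshake makes every other connection fall back to a full handshake, while caching only after full handshakes resumes every connection after the first.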


