[gnutls-help] Repeated session resumption with TLS tickets

Ross Lagerwall rosslagerwall at gmail.com
Tue Feb 24 10:30:41 CET 2015


On Tue, Feb 24, 2015 at 9:26 AM, Nikos Mavrogiannopoulos
<nmav at gnutls.org> wrote:
> On Tue, Feb 24, 2015 at 12:55 AM, Ross Lagerwall
> <rosslagerwall at gmail.com> wrote:
>> Hi,
>> glib-networking (which uses gnutls) has a session cache such that after
>> a connection handshake completes, it uses gnutls_session_get_data2 to
>> retrieve and keep the session data. When another connection begins, it
>> uses gnutls_session_set_data to reuse the data.
>> However, this does not work properly with TLS tickets.  After a session is
>> resumed, the TLS tickets get stored in "resumed session data" which is
>> not subsequently packed into the TLS session data again.  Because of
>> this, the third connection to a particular server is not properly resumed
>> because the session data is missing the TLS tickets.
>> I can change the code to only cache the session data if the session was
>> not resumed, but I'd like to know if this is the correct thing to do or
>> if gnutls should instead always store the TLS tickets in the session
>> data?
>
> This was the intention. The data should be saved when in non-resumed
> sessions only. I'll try to make that clean in the documentation, if
> you have any suggestions on that matter, they are welcome.
>

Thanks for clearing that up.

I would suggest something like:
"gnutls_session_get_data2 should be used to cache session data only
when a session is created, i.e. when gnutls_session_is_resumed returns
false."
