The NewSessionTicket message is not optional. (c45d6b2b) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Commit c45d6b2b authored Mar 05, 2016 by

David Benjamin Committed by Matt Caswell May 13, 2016

The NewSessionTicket message is not optional.



Per RFC 4507, section 3.3:

   This message [NewSessionTicket] MUST be sent if the
   server included a SessionTicket extension in the ServerHello.  This
   message MUST NOT be sent if the server did not include a
   SessionTicket extension in the ServerHello.

The presence of the NewSessionTicket message should be determined
entirely from the ServerHello without probing.

RT#4389

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

parent afdd82fb

Hide whitespace changes

Inline Side-by-side

Please register or to comment