Description
Hi all,
I'm trying and failing to get TLS session resumption working with libtls.
I'm using libtls on both the client and server.
I have set

```c
tls_config_set_session_lifetime(tls_configuration, 3600 * 24);
```

on the server and `tls_config_set_session_fd` on the client.
However, tls_conn_session_resumed() is returning 0.
Looking through the libressl code, it appears to me that the server-side session resumption code is not even called with TLS 1.3 (and probably not with other TLS versions).
Contrast:
libressl-3.5.2\ssl\ssl_srvr.c, in ssl3_get_client_hello():

```c
i = ssl_get_prev_session(s, &session_id, &ext_block, &al);
if (i == 1) { /* previous session */
	s->internal->hit = 1;
} else if (i == -1)
	goto fatal_err;
else {
	/* i == 0 */
	if (!ssl_get_new_session(s, 1))
		goto err;
}
```

in libressl-3.5.2\ssl\tls13_server.c in tls13_server_init():

```c
if (!ssl_get_new_session(s, 0)) /* XXX */
	return 0;
```
I don't see any calls to ssl_get_prev_session() in tls13_server.c, and the XXX comment is very suspicious.
The issue remains with libressl 4.0.
Am I missing something here? Can anyone confirm TLS session resumption is working with a TLS 1.3 server?
Cheers,
Nick