Avoid producing stateful cache entries when TLS 1.3 is negotiated
authorNick Porter <nick@portercomputing.co.uk>
Tue, 1 Jul 2025 16:58:32 +0000 (17:58 +0100)
committerNick Porter <nick@portercomputing.co.uk>
Tue, 1 Jul 2025 17:14:37 +0000 (18:14 +0100)
src/lib/tls/cache.c

index ac3fb6e2b246cc39096843b104014f663adcaa8b..bab31a58700123c927d79668e1af8b1bece995f9 100644 (file)
@@ -742,6 +742,15 @@ static int tls_cache_store_cb(SSL *ssl, SSL_SESSION *sess)
         *      resumption.
         */
        tls_session = fr_tls_session(ssl);
+
+       /*
+        *      If the session is TLS 1.3, then resumption will be handled by a
+        *      session ticket.  However, if this callback is defined, it still
+        *      gets called.
+        *      To avoid unnecessary entries in the stateful cache just return.
+        */
+       if (tls_session->info.version == TLS1_3_VERSION) return 0;
+
        request = fr_tls_session_request(tls_session->ssl);
        tls_cache = tls_session->cache;
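Review bot: The early return at `if (tls_session->info.version == TLS1_3_VERSION) return 0;` assumes every TLS 1.3 session is resumed from a stateless ticket, but OpenSSL issues stateful TLS 1.3 tickets when `SSL_OP_NO_TICKET` is set, and those are looked up in the server-side cache. If this callback can be registered on a context with that option (not visible in this hunk), TLS 1.3 clients would silently fall back to a full handshake on every reconnect. I would gate the skip on tickets being enabled and read the version from the session being stored, whose value does not depend on when `info.version` is populated: `if (!(SSL_get_options(ssl) & SSL_OP_NO_TICKET) && SSL_SESSION_get_protocol_version(sess) == TLS1_3_VERSION) return 0;`. The block comment should then state that the skip applies only when stateless tickets are in use. The body of tls_cache_store_cb starts before and continues after this hunk, so how the context is configured should be confirmed against the caller.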