OpenSSL: Do not send out a TLS 1.3 session ticket if caching disabled

author Jouni Malinen <quic_jouni@quicinc.com>

Mon, 2 May 2022 14:31:28 +0000 (17:31 +0300)

committer Jouni Malinen <j@w1.fi>

Mon, 2 May 2022 15:07:50 +0000 (18:07 +0300)
author Jouni Malinen <quic_jouni@quicinc.com>
Mon, 2 May 2022 14:31:28 +0000 (17:31 +0300)
committer Jouni Malinen <j@w1.fi>
Mon, 2 May 2022 15:07:50 +0000 (18:07 +0300)
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c

index 240b8b8f7ee6932b9e692735951138de009b3066..388c6b0f4e4f4cc716f1322344585133fbe6cf62 100644 (file)
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -1112,6 +1112,9 @@ void * tls_init(const struct tls_config *conf)
  #endif
         } else {
                 SSL_CTX_set_session_cache_mode(ssl, SSL_SESS_CACHE_OFF);
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L
+               SSL_CTX_set_num_tickets(ssl, 0);
+#endif
         }
  
         if (tls_ex_idx_session < 0) {
author	Jouni Malinen <quic_jouni@quicinc.com>
	Mon, 2 May 2022 14:31:28 +0000 (17:31 +0300)
committer	Jouni Malinen <j@w1.fi>
	Mon, 2 May 2022 15:07:50 +0000 (18:07 +0300)