git.ipfire.org Git - thirdparty/openssl.git/commit

author	Daniel Kubec <kubec@openssl.foundation>
	Mon, 30 Mar 2026 11:43:41 +0000 (13:43 +0200)
committer	Tomas Mraz <tomas@openssl.foundation>
	Wed, 20 May 2026 15:41:40 +0000 (17:41 +0200)
commit	e5a18924e261cffd7cec0fd7d131f892d196f144
tree	87eafa2e3d120a84d4de33edca466fc1e6aa57bc	tree \| snapshot
parent	e6f5ed33f143aa4aab38172f3dcc160e2ef71c52	commit \| diff

TLS1.3: Disable tickets when SSL_OP_NO_TICKET and SSL_SESS_CACHE_OFF are set.

Do not issue TLS 1.3 session tickets if the server has explicitly disabled
them via SSL_OP_NO_TICKET and also disabled the session cache with
SSL_SESS_CACHE_OFF. Together, these settings clearly indicate an intent to
suppress session resumption; sending NewSessionTicket messages in this case
would be wasteful and misleading.

From the server’s perspective, a client that does not advertise
psk_key_exchange_modes in TLS 1.3, or that sends it with RFC 9149 parameters
such as new_session_count = 0 or resumption_count = 0, is effectively
signaling no interest in session tickets or resumption.

RFC 8446 section 4.2.9: Servers MUST NOT select a key exchange mode that is
not listed by the client. This extension also restricts the modes for use
with PSK resumption. Servers SHOULD NOT send NewSessionTicket with tickets
that are not compatible with the advertised modes; however, if a server does
so, the impact will just be that the client's attempts at resumption fail.

Fixes #8077

Signed-off-by: Daniel Kubec <kubec@openssl.foundation>
Reviewed-by: Matt Caswell <matt@openssl.foundation>
Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Wed May 20 15:42:00 2026
(Merged from https://github.com/openssl/openssl/pull/30639)

ssl/statem/statem_srvr.c		diff \| blob \| blame \| history
test/build.info		diff \| blob \| blame \| history
test/recipes/70-test_tls13ticket.t		diff \| blob \| blame \| history
test/tls13tickettest.c		diff \| blob \| blame \| history