Hey,

>Yes, sorry, I didn't realize it earlier but that's not true for all
>OpenSSL versions. Starting with OpenSSL 1.0.0, tls1_process_ticket()
>will decline decrypting session tickets sent by the client if the
>session_secret_cb is in use:
>
>                        if (s->tls_session_secret_cb)
>                                {
>                                /* Indicate cache miss here and instead of
>                                 * generating the session from ticket now,
>                                 * trigger abbreviated handshake based on
>                                 * external mechanism to calculate the master
>                                 * secret later. */
>                                return 0;
>                                }
>
>There is even a nice comment about it, starting from 1.0.1 I believe:
>
> * If s->tls_session_secret_cb is set then we are expecting a pre-shared key
> * ciphersuite, in which case we have no use for session tickets and one will
> * never be decrypted, nor will s->tlsext_ticket_expected be set to 1.

Thank you for pointing this out, I missed it in my brief look at the code.
To me, this is reason enough to move to 1.0.2 (in addition to all the
other reasons given by you and Nenad).

I'll start prototyping the code using 1.0.2.

Just as a final point of clarification, I wasn't suggesting that we always
use the client's list as the preference for all the operations. The server
would still have chosen the cipher suite based on its priority list. We
would just limit the Signature Algorithm to one that the client prefers.
However, if we switch to 1.0.2, this is a moot point.

Thanks all for your feedback.

Are there any other comments regarding requiring 1.0.2 for this feature?

-Dave