Hi! SSL_CTX_new currently contains:
/* Setup RFC4507 ticket keys */ if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0) || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0) || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0)) ret->options |= SSL_OP_NO_TICKET; followed by: /* Default is to connect to non-RI servers. When RI is more widely * deployed might change this. */ ret->options = SSL_OP_LEGACY_SERVER_CONNECT; So even if SSL_OP_NO_TICKET is set, it should be unset again due to a SSL_OP_LEGACY_SERVER_CONNECT default. Will SSL_OP_LEGACY_SERVER_CONNECT remain part of SSL_OP_ALL once SSL_OP_LEGACY_SERVER_CONNECT is no longer default? -- Tomas Hoger ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org