Emilia Käsper <emi...@openssl.org> wrote:

> On Fri, Mar 27, 2015 at 10:40 PM, Brian Smith <br...@briansmith.org> wrote:
>> If OpenSSL's client code were changed to always use an empty session
>> ID when attempting resumption using a session ticket, then the
>> EAP-FAST case wouldn't be different from the general session ticket
>> resumption case. I think that this is a cleaner approach.
>
> 1) The way EAP-FAST diverges from 5246 and 5077 is indeed quite
> unfortunate. The lookahead is messy, and hard to get right - I don't want
> another "early CCS" due to lack of determinism in the state machine. Setting
> the session ID is much cleaner. So, I'd rather put in a workaround that is
> specific to EAP-FAST and doesn't affect regular handshakes.
The added complexity of having a special case for EAP-FAST seems worse to me. After all, it's not OK to have EAP-FAST be non-secure, and so it is important to have the no-session-ID case be correct regardless.

> 2) Removing the session ID upon resumption would be a big change in
> behaviour that I don't think would qualify for a stable branch anyway unless
> there was a security or regression issue behind it.

Fair enough. I have no idea what compatibility problems might arise. If I have some time, I might try to change one of the web browsers to do this, to see what happens. If I do, I'll report back.

Cheers,
Brian