Hello openssl-dev team,

I have a query regarding DTLS session resumption when an SSL_CTX is configured with DTLS_ANY_VERSION.
When we select an SSL_CTX with DTLS_ANY_VERSION, the method will be DTLS_Server_method(), which will have ssl_ctx->version set to 0xFEFD to support both versions (i.e. DTLS 1.0 and DTLS 1.2). During the handshake we landed on version DTLS 1.0, i.e. s->session->version holds 0xFEFF. In order to perform session resumption, we derived a new SSL structure from the global ssl_ctx using SSL_new() and tried performing the SSL handshake, which goes through the logic below:

    else {
        i = ssl_get_prev_session(s, p, j, d + n);
        /*
         * Only resume if the session's version matches the negotiated
         * version.
         * RFC 5246 does not provide much useful advice on resumption
         * with a different protocol version. It doesn't forbid it but
         * the sanity of such behaviour would be questionable.
         * In practice, clients do not accept a version mismatch and
         * will abort the handshake with an error.
         */
        if (i == 1 && s->version == s->session->ssl_version) { /* previous session */
            s->hit = 1;
        } else if (i == -1)
            goto err;
        else {
            /* i == 0 */
            if (!ssl_get_new_session(s, 1))
                goto err;
        }

Since s->version is 0xFEFD and s->session->ssl_version is 0xFEFF, we always try for a new session and won't land on session resumption, even though the client has sent the session_id.

Is this intended behaviour? Please clarify.

Thanks,
Rajeswari.
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
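To make the comparison in the quoted code concrete, the following is an added example (not OpenSSL's code and not part of the message above) that models the server-side resumption decision in plain C with no OpenSSL dependency. The session cache, the session ids, the simplified negotiate_version() selection and the function names are all constructed for the model; only the DTLS version constants are the real wire values. It shows why a version field still holding the 0xFEFD placeholder can never match a session created under DTLS 1.0 (0xFEFF), while it does happen to match a DTLS 1.2 session, and what the decision looks like once the negotiated version is stored before the check.

```c
/*
 * Added example, not OpenSSL code: a model of the server-side resumption
 * decision quoted in the message. Cache contents, ids and function names
 * are constructed for the model; only the version constants are real.
 *
 * DTLS version numbers count downwards: DTLS 1.0 is 0xFEFF and DTLS 1.2 is
 * 0xFEFD, so a numerically smaller value is a newer protocol. The message
 * states that the "any version" server method leaves 0xFEFD in
 * ssl_ctx->version, which is the same value as DTLS 1.2.
 */
#include <stdio.h>
#include <string.h>

#define DTLS1_VERSION    0xFEFF
#define DTLS1_2_VERSION  0xFEFD
#define DTLS_ANY_VERSION 0xFEFD   /* placeholder described in the message */

#define SESSION_ID_LEN 4

struct model_session {
    unsigned char id[SESSION_ID_LEN];
    int ssl_version;              /* version negotiated when it was created */
};

/* Constructed session ids: one session made under DTLS 1.0, one under 1.2. */
const unsigned char SESSION_ID_V10[SESSION_ID_LEN] = {0x01, 0x02, 0x03, 0x04};
const unsigned char SESSION_ID_V12[SESSION_ID_LEN] = {0xaa, 0xbb, 0xcc, 0xdd};

static const struct model_session cache[] = {
    { {0x01, 0x02, 0x03, 0x04}, DTLS1_VERSION },
    { {0xaa, 0xbb, 0xcc, 0xdd}, DTLS1_2_VERSION },
};

/* Stand-in for ssl_get_prev_session(): 1 = found, 0 = no such session. */
static int lookup_prev_session(const unsigned char *id, size_t id_len,
                               const struct model_session **out)
{
    size_t n;
    if (id_len != SESSION_ID_LEN)
        return 0;
    for (n = 0; n < sizeof(cache) / sizeof(cache[0]); n++) {
        if (memcmp(cache[n].id, id, id_len) == 0) {
            *out = &cache[n];
            return 1;
        }
    }
    return 0;
}

/*
 * Simplified version selection (an assumption of this model) for a server
 * that accepts DTLS 1.0 and 1.2. Because the numbers count down, "client
 * offers 1.2 or newer" is client_version <= DTLS1_2_VERSION. Returns 0 for
 * an offer the server does not support.
 */
int negotiate_version(int client_version)
{
    if (client_version <= DTLS1_2_VERSION)
        return DTLS1_2_VERSION;
    if (client_version == DTLS1_VERSION)
        return DTLS1_VERSION;
    return 0;
}

/*
 * The decision from the quoted code: reuse the cached session only if the
 * lookup succeeds AND the value held in s->version equals the version the
 * session was created with. Returns 1 for a hit, 0 for a fresh session
 * (the i == -1 error path is left out of the model).
 */
int server_resumes(int s_version, const unsigned char *id, size_t id_len)
{
    const struct model_session *sess = NULL;
    int i = lookup_prev_session(id, id_len, &sess);
    if (i == 1 && s_version == sess->ssl_version)
        return 1;
    return 0;
}

/*
 * ClientHello handling for the model. With set_version_first == 0 the check
 * sees the 0xFEFD placeholder (the situation in the message); with
 * set_version_first == 1 the negotiated version is stored before the
 * lookup, so the check compares like with like. Returns -1 if no common
 * version exists.
 */
int handle_client_hello(int client_version, const unsigned char *id,
                        size_t id_len, int set_version_first)
{
    int s_version = DTLS_ANY_VERSION;
    int negotiated = negotiate_version(client_version);
    if (negotiated == 0)
        return -1;
    if (set_version_first)
        s_version = negotiated;
    return server_resumes(s_version, id, id_len);
}

int main(void)
{
    printf("DTLS 1.0 client, placeholder left in version field: %s\n",
           handle_client_hello(DTLS1_VERSION, SESSION_ID_V10, 4, 0) ? "hit" : "new session");
    printf("DTLS 1.0 client, negotiated version stored first:   %s\n",
           handle_client_hello(DTLS1_VERSION, SESSION_ID_V10, 4, 1) ? "hit" : "new session");
    return 0;
}
```

The asymmetry is the point to take from the model: with the placeholder still in the version field, a DTLS 1.2 client presenting a DTLS 1.2 session id resumes (0xFEFD == 0xFEFD), but a DTLS 1.0 client presenting a DTLS 1.0 session id never does, which matches the behaviour described in the message.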