> On 26 Jul 2024, at 16:08, Robert Haas <robertmh...@gmail.com> wrote:
>
> On Fri, Jul 26, 2024 at 8:27 AM Daniel Gustafsson <dan...@yesql.se> wrote:
>> Thanks for the report, I'll fix it. Buildfarm animal hamerkop also reminded me
>> that I had managed to stash the old MSVC buildsystem changes (ENOTENOUGHCOFFEE)
>> so fixing that at the same time.
>
> I was just looking at this commit and noticing that nothing in the
> commit message explains why we want to turn off tickets. So then I
> looked at the comments in the patch and that didn't explain it either.
> So then I read through this thread and that also didn't explain it.

Sorry for the lack of detail, I probably Stockholm syndromed myself after having
spent some time in this code. We turn off TLS session tickets for two reasons:
a) we don't support TLS session resumption, and some resumption capable client
libraries can experience connection failures if they try to use tickets received
in the setup (Npgsql at least had this problem in the past); b) it's network
overhead in the connection setup phase which doesn't give any value due to us
not supporting their use.

TLS tickets were disallowed in 2017 in 97d3a0b09 but as Andres found out,
TLSv1.3 session tickets had a new API which we didn't call and thus issued
tickets.

> I don't doubt that you're doing the right thing here but it'd be nice
> to document why it's the right thing someplace.

I can add a summary of the above in the comment for future readers if you think
that would be useful.

--
Daniel Gustafsson
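
The two separate ticket controls discussed in this thread, as an added example that is not part of the original messages or of the PostgreSQL patch. It uses Python's `ssl` module, which exposes OpenSSL's `SSL_OP_NO_TICKET` as `ssl.OP_NO_TICKET` and the TLSv1.3 ticket count as `SSLContext.num_tickets`; the helper names `server_context` and `ticket_findings` are hypothetical.

```python
import ssl


def server_context(no_ticket, num_tickets):
    """Build a server-side context with the two ticket knobs set explicitly.

    Hypothetical helper for this example; no certificate is loaded because
    only the configuration is inspected, no handshake is performed.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    opts = int(ctx.options)
    if no_ticket:
        opts |= int(ssl.OP_NO_TICKET)
    else:
        opts &= ~int(ssl.OP_NO_TICKET)
    ctx.options = opts
    # Separate setting: how many TLSv1.3 tickets follow each handshake.
    ctx.num_tickets = num_tickets
    return ctx


def ticket_findings(ctx):
    """Return one finding per protocol family that would still issue tickets."""
    findings = []
    if not int(ctx.options) & int(ssl.OP_NO_TICKET):
        findings.append("TLSv1.2 and earlier: stateless session tickets enabled")
    if ctx.num_tickets > 0:
        findings.append(
            "TLSv1.3: %d ticket(s) sent after each handshake" % ctx.num_tickets
        )
    return findings


if __name__ == "__main__":
    # Constructed configurations: library-style defaults, the option flag
    # alone, and both controls together.
    cases = [
        ("defaults", server_context(False, 2)),
        ("OP_NO_TICKET only", server_context(True, 2)),
        ("OP_NO_TICKET and num_tickets=0", server_context(True, 0)),
    ]
    for label, ctx in cases:
        print(label, "->", ticket_findings(ctx) or "no tickets issued")
```

The middle case is the one the thread describes: the option flag is set, yet the context still reports TLSv1.3 tickets until the ticket count is set to zero.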