Re: Not able to retrieve session ticket both at server and client level

2022-11-08 Thread Matt Caswell




On 08/11/2022 06:09, Sethuraman Venugopal wrote:

> Dear Team,
>
> *Problem Statement* : The session is resumable, but still the session
> does not have any tickets after calling SSL_CTX_sess_set_new_cb() and
> SSL_new_session_ticket()
>
> This is the method *TLS_server_method* and *TLS_client_method* we are
> using at server and client level respectively.
>
> Please guide me in getting the session ticket at server and client level.
>
> *Code snippet and the output at server side*
>
> printf("\n The session resumable is : [%d]", SSL_SESSION_is_resumable(SSL_get_session(ssl)));
>
> *Output* : The session resumable is : [1]
>
> // set a callback function at session to be triggered during sending
> // ticket to client
> SSL_CTX_sess_set_new_cb(ctx, new_session_cb);
>
> printf("\nThe new session ticket : [%d]",SSL_new_session_ticket(ssl));


This requests that a new session ticket be sent, but doesn't actually
send it yet. From the docs:

"SSL_new_session_ticket() is used by a server application to request
that a new ticket be sent when it is safe to do so.  New tickets are
only allowed to be sent in this manner after the initial handshake has
completed, and only for TLS 1.3 connections.  By default, the ticket
generation and transmission are delayed until the server is starting a
new write operation, so that it is bundled with other application data
being written and properly aligned to a record boundary."

So, this will only work if you have negotiated TLSv1.3, and the ticket 
will only be sent the next time you call `SSL_write()`.






> *Output* : The new session ticket : [1]
>
> printf("\nThe session has ticket [%d]",SSL_SESSION_has_ticket(SSL_get0_session(ssl)));
>
> *Output* : The session has ticket [0]
>
> *// Able to set the ticket appdata at server and able to retrieve the
> value at server level but not at client level*
>
> SSL_SESSION_set1_ticket_appdata(SSL_get_session(ssl), m_ServerChallenge, 32);


Ticket app data gets encrypted into the session ticket when the server
creates it. The client never decrypts a session ticket - it's just a
"blob" of data. App data set on the server side is not accessible to the
client.


Matt



> unsigned char m_ServerChallenge1[32];
> unsigned int sid_ctx_len1 = 0;
> SSL_SESSION_get0_ticket_appdata(SSL_get_session(ssl),m_ServerChallenge1, &sid_ctx_len1);
>
> *// Able to print the above value at server side, but not able to get the
> same at client side.*
>
> Regards,
> Sethu V



Not able to retrieve session ticket both at server and client level

2022-11-07 Thread Sethuraman Venugopal
Dear Team,

Problem Statement : The session is resumable, but still the session does not 
have any tickets after calling SSL_CTX_sess_set_new_cb() and 
SSL_new_session_ticket()

This is the method TLS_server_method and TLS_client_method we are using at 
server and client level respectively.

Please guide me in getting the session ticket at server and client level.

Code snippet and the output at server side

printf("\n The session resumable is : [%d]", SSL_SESSION_is_resumable(SSL_get_session(ssl)));
Output : The session resumable is : [1]
// set a callback function at session to be triggered during sending ticket to client
SSL_CTX_sess_set_new_cb(ctx, new_session_cb);
printf("\nThe new session ticket : [%d]",SSL_new_session_ticket(ssl));
Output : The new session ticket : [1]
printf("\nThe session has ticket [%d]",SSL_SESSION_has_ticket(SSL_get0_session(ssl)));
Output : The session has ticket [0]

// Able to set the ticket appdata at server and able to retrieve the value at server level but not at client level
SSL_SESSION_set1_ticket_appdata(SSL_get_session(ssl), m_ServerChallenge, 32);
unsigned char m_ServerChallenge1[32];
unsigned int sid_ctx_len1 = 0;
SSL_SESSION_get0_ticket_appdata(SSL_get_session(ssl),m_ServerChallenge1, &sid_ctx_len1);
// Able to print the above value at server side, but not able to get the same at client side.

Regards,
Sethu V