Skip to content

S26.04: Client-side session resumption — mbedTLS backend #487

Description

@DavidCozens

Parent epic: #279 (E26: TLS Hardening)
Sibling: #280 (S26.01 — OpenSSL backend). Independent work; mirrors the
OpenSSL story's behaviour on the Mbed TLS backend.

Background

SolidSyslogMbedTlsStream
(Platform/MbedTls/Source/SolidSyslogMbedTlsStream.c) does a fresh full
handshake on every (re)connect. Under S12.14's fail-fast reconnect model
that is the dominant cost of the reconnect loop on constrained targets —
the same problem #280 solves for the OpenSSL backend.

Mbed TLS supports client-side resumption via the saved-session API
(mbedtls_ssl_get_session / mbedtls_ssl_set_session), gated on
MBEDTLS_SSL_SESSION_TICKETS (client) being enabled in the integrator's
mbedtls config.

Scope

  • Slice 1 — config check. Confirm MBEDTLS_SSL_SESSION_TICKETS is
    enabled in the mbedtls config used by the cpputest-freertos image /
    Tests/MbedTlsIntegration; document the integrator requirement in
    docs/integrating-mbedtls.md.
  • Capture the negotiated session after a successful handshake with
    mbedtls_ssl_get_session() into one saved mbedtls_ssl_session per
    MbedTlsStream instance.
  • Feed it back via mbedtls_ssl_set_session() before the handshake on
    the next connect of the same instance.
  • Free the saved session (mbedtls_ssl_session_free) on Close /
    Destroy.
  • One session per stream — no destination multiplexing inside a Stream.
  • Graceful fallback. No saved session / no ticket / expired →
    full handshake, message still delivered. Resumption is best-effort.

Verification

  • Unit (mbedtls fake, Tests/SolidSyslogMbedTlsStreamTest.cpp):
    assert the saved session is captured after handshake, fed via
    mbedtls_ssl_set_session on the second connect, and freed on
    Close / Destroy.
  • Integration (real Mbed TLS,
    Tests/MbedTlsIntegration/SolidSyslogMbedTlsStreamIntegrationTest.cpp,
    run as the integration-linux-mbedtls CI check): force a same-stream
    reconnect and confirm the second handshake took the abbreviated path,
    plus a non-resuming-peer fallback case.

⚠️ Mbed TLS has no direct SSL_session_reused() equivalent. The
resumption assertion needs a chosen observable — compare the resumed
session id against the saved one, or instrument the in-test server to
report it. Settling this observable is the main risk/effort delta over
the OpenSSL story (#280).

Out of scope

  • TLS 1.3 0-RTT (early data).
  • Server-side ticket handling (we're a client).

Acceptance

  • Integration test forces a same-stream reconnect and confirms an
    abbreviated (resumed) handshake on the second connect.
  • Non-resuming peer falls back to a full handshake and still delivers.
  • Coverage stays at 100% line/branch.

Metadata

Metadata

Assignees

No one assigned

    Labels

    storyStory issue

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions