OpenSSL online documentation is not up to date:
"The new_session_cb() is called," ... "If the callback returns 0, the session will be immediately removed again."
Checking source code and archive doc:
"Return 1 if a 'copy' is required, otherwise, return 0. This return value just causes the reference count to be incremented (on return of a 1), this means the application does not need to worry about incrementing the reference count (and the locking that implies in a multi-threaded application)."
When multiple hosts share a common session cache, TLS tickets need to
be shared as well. By default, keys protecting them are randomly
generated when the SSL context is initialized.

With this patch, keys used to protect and encrypt TLS tickets are
generated from the RSA private key.

The shared secret used to protect inter-node traffic and to generate
tickets is computed from the RSA private key using SHA384 (48
bytes). However, only the first 20 bytes are used to protect
inter-node traffic, with SHA1. This allows keeping the performance of SHA1
to protect inside traffic and having good security with SHA384 for
traffic that can be tampered with by an outsider.
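
The derivation described in the commit message above, as an added example that is not code from the patch: every node hashes the same RSA private key with SHA384 to get the 48-byte secret, and the first 20 bytes authenticate cache updates between nodes. The key bytes are constructed, and the serialization being hashed, the use of HMAC-SHA1, the payload-then-tag layout and all function names are assumptions.

```python
import hashlib
import hmac

TAG_LEN = hashlib.sha1().digest_size  # 20 bytes

# Constructed stand-in for the serialized RSA private key every node loads.
CONSTRUCTED_KEY = b"constructed-placeholder-rsa-private-key-bytes"


def derive_shared_secret(rsa_private_key: bytes) -> bytes:
    """SHA384 over the private key bytes gives the 48-byte shared secret.
    Assumption: the exact serialization the patch hashes is not on the page."""
    return hashlib.sha384(rsa_private_key).digest()


def internode_key(secret: bytes) -> bytes:
    """Only the first 20 bytes of the secret protect inter-node traffic."""
    return secret[:TAG_LEN]


def seal_update(secret: bytes, payload: bytes) -> bytes:
    """Append an HMAC-SHA1 tag (assumed layout: payload followed by tag)."""
    tag = hmac.new(internode_key(secret), payload, hashlib.sha1).digest()
    return payload + tag


def open_update(secret: bytes, packet: bytes):
    """Return the payload if the tag verifies, otherwise None."""
    if len(packet) < TAG_LEN:
        return None  # too short to carry a tag at all
    payload, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(internode_key(secret), payload, hashlib.sha1).digest()
    # Constant-time comparison so the check does not leak tag bytes.
    return payload if hmac.compare_digest(tag, expected) else None


if __name__ == "__main__":
    node_a = derive_shared_secret(CONSTRUCTED_KEY)
    node_b = derive_shared_secret(CONSTRUCTED_KEY)
    packet = seal_update(node_a, b"constructed session cache update")
    print("same key, accepted:", open_update(node_b, packet) is not None)
    forged = bytes([packet[0] ^ 1]) + packet[1:]
    print("tampered, accepted:", open_update(node_b, forged) is not None)
    stranger = derive_shared_secret(b"constructed-other-key")
    print("other key, accepted:", open_update(stranger, packet) is not None)
```

Because the secret is a pure function of the private key, any host holding that key can both forge inter-node updates and decrypt tickets, so rotating the certificate key also rotates both.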