TLS 1.3 session reuse (resumption) does not work (OpenSSL)

[mkauf]

I did this

I have tested SSL/TLS session reuse with TLS 1.3 and "openssl s_server".

With TLS 1.3, curl creates two SSL sessions:

./curl -k -v https://localhost:4433/ https://localhost:4433/

Output:

New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
...
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384

With TLS 1.2, curl reuses the SSL session (as expected):

./curl -k -v --tls-max 1.2 https://localhost:4433/ https://localhost:4433/

Output:

New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
...
Reused, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384

I expected the following

SSL/TLS session reuse works with TLS 1.3

curl/libcurl version

curl 7.62.0-DEV (x86_64-pc-linux-gnu) libcurl/7.62.0-DEV OpenSSL/1.1.1 zlib/1.2.11 nghttp2/1.32.1
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy 

operating system

Linux

Hints

OpenSSL Wiki: TLS 1.3 - Sessions

curl should use the SSL_CTX_sess_set_new_cb function to set a "new session" callback.

Probably other SSL backends are also affected.

[ghedo]

The problem I think is that curl disables session ticket resumption, and only performs session ID resumption, which is not available in TLS 1.3 anymore. Support for session ticket resumption is also a requirement for TLS 1.3 0-RTT support.

[mkauf]

The problem I think is that curl disables session ticket resumption, and only performs session ID resumption, which is not available in TLS 1.3 anymore.

TLS 1.3 uses a new session resume mechanism, it's similar to the (old) session tickets, but it's not the same.