https://tools.ietf.org/html/rfc5246 (The Transport Layer Security (TLS) Protocol Version 1.2) describes session resumption, which is also useful to speed up the TLS handshake. It is implemented by OpenSSL and JSSE. The implementation should have a public interface similar to OpenSSL's SSL_CTX_add_session() to inject sessions into the server cache.
We have encountered (probably bad) embedded TLS client implementations that refuse to talk to the Go TLS server because session ID resumption is not implemented, so we had to insert NGINX in front to make it work.
This would also be needed in order to support TLS resumption (at all) for iOS, as based on my tests this platform does not send session tickets (neither Safari nor apps), and there is no obvious way to enable it from NSURLSession.
This is terrifying: it looks like there are FTP servers that use session reuse as an authentication method across control and data connections, and some of them don't support session tickets, so they need session IDs. secsy/goftp#49
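
The comments above turn on whether a given client asks for session-ID resumption (RFC 5246) or sends the session_ticket extension. The following is an added example, not code from this issue or from crypto/tls: it parses a raw ClientHello handshake message and reports both. `ParseOffer` and `sampleHello` are hypothetical names, and the sample bytes are constructed rather than captured.

```go
package main

import "fmt"

// ParseOffer reads one unfragmented ClientHello handshake message (no record header).
func ParseOffer(b []byte) (sidLen int, ticket bool, err error) {
	bad := false
	take := func(w int) (v []byte) { // consume a vector with a w-byte length prefix
		n := 0
		for i := 0; i < w && i < len(b); i++ {
			n = n<<8 | int(b[i])
		}
		if bad = bad || len(b) < w+n; !bad {
			v, b = b[w:w+n], b[w+n:]
		}
		return v
	}
	if len(b) == 0 || b[0] != 1 { // handshake type 1 = client_hello
		return 0, false, fmt.Errorf("not a ClientHello")
	}
	b = b[1:]
	if b = take(3); len(b) < 34 {
		return 0, false, fmt.Errorf("truncated ClientHello")
	}
	b = b[34:]            // skip client_version (2) and random (32)
	sidLen = len(take(1)) // session_id: non-empty means a session-ID resumption request
	take(2)               // cipher_suites
	take(1)               // compression_methods
	if len(b) > 0 {       // the extensions block is optional
		b = take(2)
	}
	for len(b) >= 4 && !bad {
		ticket = ticket || (b[0] == 0 && b[1] == 35) // session_ticket, RFC 5077
		b = b[2:]
		take(2) // extension_data
	}
	if bad || len(b) != 0 {
		return 0, false, fmt.Errorf("truncated ClientHello")
	}
	return sidLen, ticket, nil
}

// sampleHello builds a constructed ClientHello (demo input, not a capture).
func sampleHello(sid []byte, exts ...byte) []byte {
	body := append(append(make([]byte, 34), byte(len(sid))), sid...)
	body = append(append(body, 0, 2, 0xc0, 0x2f, 1, 0), exts...) // one suite, null compression
	return append([]byte{1, 0, 0, byte(len(body))}, body...)
}

func main() { fmt.Println(ParseOffer(sampleHello(make([]byte, 32), 0, 4, 0, 35, 0, 0))) }
```

A client that returns a non-zero session_id length with no session_ticket extension can only resume against a server that keeps a session-ID cache.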