How to implement TLS 1.3 session resumption? about botan HOT 7 CLOSED

I figured it out!
Turns out, you need to update the Botan::TLS::Policy class to enable this feature!

struct tls_policy final : public Botan::TLS::Policy
{
  bool
  reuse_session_tickets() const override
  {
    return true;
  }

  ~tls_policy() override;
};

tls_policy::~tls_policy() = default;

this is all a user has to do and then et voila, I now see that all my TLS resumptions are happening as I'd expect.

from botan.

Alright, sounds good to me then!
I'll think about how to add this to a public API in a way that won't immediately make users groan.

from botan.

btw, as always, thanks for the help, @reneme
I really appreciate it.
This library is fantastic, and I appreciate the guidance in learning how to use it effectively.

from botan.

Hi! Actually, repeated resumption should also work without allowing session ticket reuse. In fact, reusing session tickets might not work for every TLS server as they are often meant for single-use.

By default, a Botan-based TLS 1.3 server will issue exactly one session ticket per successful handshake. It does that after a full handshake as well as after a resumed handshake. Your Botan-based TLS client will hold the session ticket in the Session_Manager_In_Memory and (by default) discard it after a single use.

If I understand correctly, your test performs one initial handshake and, after that succeeded, many more in parallel. Due to the default behavior described above, the parallel connection attempts will only find a single resumption ticket and hence only one of them will resume.

Instead of enabling reuse_session_tickets in the client policy, you should consider increasing the number in new_session_tickets_upon_handshake_success in the server's policy. By default this is set to "1". Be warned though, that this shouldn't be set too high. The tickets issued by default are currently quite large and require extra computation on the server.

from botan.

Interesting. Why increase the amount of usable session tickets vs just enable their reuse?

from botan.

FWIW: it's a recommendation of the RFC: https://datatracker.ietf.org/doc/html/rfc8446#appendix-C.4

from botan.

Note that TLS 1.3 allows sending session tickets at any time after the handshake is complete. See the API in TLS::Server:

You could simply provide a wrapper for this, instead of (or additionally to) some more complicated configuration construction.

from botan.