Re: [TLS] SNI and tickets and resumption (Martin Rex) Mon, 11 August 2014 17:06 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 120E71A05C0 for <>; Mon, 11 Aug 2014 10:06:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.552
X-Spam-Status: No, score=-6.552 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id wH8Iew-I-gtk for <>; Mon, 11 Aug 2014 10:06:23 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 624CB1A04A8 for <>; Mon, 11 Aug 2014 10:06:23 -0700 (PDT)
Received: from by (26) with ESMTP id s7BH6J1x028289 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 11 Aug 2014 19:06:19 +0200 (MEST)
In-Reply-To: <>
To: Brian Sniffen <>
Date: Mon, 11 Aug 2014 19:06:19 +0200
X-Mailer: ELM [version 2.4ME+ PL125 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <>
X-SAP: out
Cc: Adam Langley <>, " (" <>
Subject: Re: [TLS] SNI and tickets and resumption
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 11 Aug 2014 17:06:26 -0000

Brian Sniffen wrote:
> On the other hand, RFC 6066 also says:
>    A server that implements [SNI] MUST NOT accept the request
>    to resume the session if the server_name extension contains a
>    different name.  Instead, it proceeds with a full handshake to
>    establish a new session. 
> It doesn't sound like your server quite does that?

Correct, my server doesn't follow that formally provable invalid wording
above in the spec.  As I said, I only realized this fallacy in the spec
when I implemented it.

TLS session resumption is a performance optimization that happens at
the TLS level.  TLS server endpoint identification and selection/provisioning
of suitable server credentials is a matter of the application on top
of TLS.  Whether and how often the server uses resumption from
the cache or full handshake is the result of the caching&resumption
strategies & lifetimes of client plus server combined.

The purpose of SNI a hint from the client to the server which kind
of server endpoint identification the client is going to perform,
and the server may use that hint in selecting the most appropriate
server certificate.  If a full handshake and a session resumption
will result in the use of the exact same server certificate, then
the Server can freely choose which way to go (resume or full handshake),
provided that the client offers session resumption and the server
is capable of accepting it.

The server endpoint identification performed by the client is
an application-level matter, and ought to be performed independent
of whether a TLS session resumption of a TLS full handshake is performed.