Re: [TLS] SNI and tickets and resumption

Adam Langley <> Fri, 08 August 2014 20:28 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 0EAED1A0197 for <>; Fri, 8 Aug 2014 13:28:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.278
X-Spam-Status: No, score=-1.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id SkAtlLf7_Abb for <>; Fri, 8 Aug 2014 13:28:49 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:4010:c04::232]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 4BA021A0109 for <>; Fri, 8 Aug 2014 13:28:49 -0700 (PDT)
Received: by with SMTP id c11so4271250lbj.9 for <>; Fri, 08 Aug 2014 13:28:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=WNHN/+E9j/VYJQ3offextRhLEExXkoAHiJnwQs84heA=; b=ePrUVWVJF2tHawt+h9VD7g4LwcEmBCr1C9NwqiKulg4qjwdGb8V7ZpKhoW1nVk2NGH i6YYMJlivCTNyRfvGJKqfqvTWQzfnHdXSfm8t/I+zrJWF6RdLCqcfjm3LaTU6JW8181f RDCBoFX0giSBOqp3BwxJMY2TSsyruDAuQBW9crsg+5fZIhIgCFpQK+eQ5wfCbHVL+3qa lDafDw6IBEhFHNlwqMDa8ouT0P+3aG6D8RcphpoEWC+FXCHCUU8ey/hDX08/mNkNTJeR TA3tr+dW9liZB2MLS6vmGf5OBqUxvouMnGVhFcSO0pO570omK9gxZlatNanqtA0DIr2p YSDQ==
MIME-Version: 1.0
X-Received: by with SMTP id xv1mr3907864lab.71.1407529727573; Fri, 08 Aug 2014 13:28:47 -0700 (PDT)
Received: by with HTTP; Fri, 8 Aug 2014 13:28:47 -0700 (PDT)
In-Reply-To: <>
References: <>
Date: Fri, 08 Aug 2014 13:28:47 -0700
X-Google-Sender-Auth: RZYQclDsycfX6ZGe_I07QpCq6_E
Message-ID: <>
From: Adam Langley <>
To: "Salz, Rich" <>
Content-Type: text/plain; charset="UTF-8"
Cc: " (" <>
Subject: Re: [TLS] SNI and tickets and resumption
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 08 Aug 2014 20:28:51 -0000

On Fri, Aug 8, 2014 at 1:18 PM, Salz, Rich <> wrote:
> Can a client connect with an SNI extension and then later on resume or send
> a ticket with a different SNI value?

In practice, often yes. However, whether you want to allow that is a
different matter. If you share ticket keys between different servers
you would want to ensure that a client's connection to one of them
can't be redirected to another unless the servers are identical.

At Google, we share ticket keys between servers, but the servers will
reject a resumption if any part of the ClientHello causes a different
certificate to be selected than was presented on the original
connection. Then services that don't route requests based on the Host
header are then given their own certificates to partition them.



Adam Langley