Change the default number of NewSessionTickets we send to 2

Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5227)
author: Matt Caswell <matt@openssl.org> 2018-03-14 20:22:48 +0100
committer: Matt Caswell <matt@openssl.org> 2018-05-17 17:48:25 +0200
commit: 36ff232cf2bf5dfcaf9e60a8c492439428a243bb (patch)
tree: 8e2dfdd9d77088c4ce0245708b9c906daced0e2f /util
parent: Allow configuation of the number of TLSv1.3 session tickets via SSL_CONF (diff)
download: openssl-36ff232cf2bf5dfcaf9e60a8c492439428a243bb.tar.xz
openssl-36ff232cf2bf5dfcaf9e60a8c492439428a243bb.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/util/perl/TLSProxy/Proxy.pm b/util/perl/TLSProxy/Proxy.pm
index 8df0153d24..8c13520ec6 100644
--- a/util/perl/TLSProxy/Proxy.pm
+++ b/util/perl/TLSProxy/Proxy.pm
@@ -220,6 +220,12 @@ sub start
 
     my $execcmd = $self->execute
         ." s_server -max_protocol TLSv1.3 -no_comp -rev -engine ossltest"
+        #In TLSv1.3 we issue two session tickets. The default session id
+        #callback gets confused because the ossltest engine causes the same
+        #session id to be created twice due to the changed random number
+        #generation. Using "-ext_cache" replaces the default callback with a
+        #different one that doesn't get confused.
+        ." -ext_cache"
         ." -accept $self->{server_addr}:0"
         ." -cert ".$self->cert." -cert2 ".$self->cert
         ." -naccept ".$self->serverconnects;
author	Matt Caswell <matt@openssl.org>	2018-03-14 20:22:48 +0100
committer	Matt Caswell <matt@openssl.org>	2018-05-17 17:48:25 +0200
commit	36ff232cf2bf5dfcaf9e60a8c492439428a243bb (patch)
tree	8e2dfdd9d77088c4ce0245708b9c906daced0e2f /util
parent	Allow configuation of the number of TLSv1.3 session tickets via SSL_CONF (diff)
download	openssl-36ff232cf2bf5dfcaf9e60a8c492439428a243bb.tar.xz openssl-36ff232cf2bf5dfcaf9e60a8c492439428a243bb.zip