TLS session resumption reuses previously negotiated keying material to shorten handshakes and reduce CPU and network overhead. Resumption saves latency and power on constrained devices by avoiding a full handshake when a safe cached session is available.—–Understanding Session IDs and Tickets
Session IDs are a server-issued identifier used by TLS ? 1.2 where the server stores per-client state and the client presents the ID to request resumption. Session tickets carry encrypted session state that the server issues to the client; the client stores the ticket and presents it for resumption, which lets the server avoid per-client caches.
TLS 1.3 favors PSK/ticket-based resumption and commonly issues tickets after the handshake completes. wolfSSL supports both approaches and exposes simple client APIs to capture and present session objects for resumption.Using wolfSSL APIs for Session Resumption
- Capture Session: Use wolfSSL_get1_session immediately after a completed handshake to obtain a reference-counted WOLFSSL_SESSION object that encapsulates the negotiated keying material. The get1 semantic means the call returns a new reference that the caller owns and must release when finished, so hold the session only as long as you intend to reuse it.
- Set Session: Use wolfSSL_set_session before initiating a new connection to attach a previously obtained WOLFSSL_SESSION object to a new WOLFSSL instance. Presenting the session signals to the server that the client requests resumption; success depends on server policy, session validity, and protocol compatibility.
- Free Session: Always free the WOLFSSL_SESSION object you obtained with wolfSSL_get1_session when you no longer need it. Failing to release that owned reference produces a memory leak. Depending on your wolfSSL build and API, free the session with the appropriate session-free API (for example wolfSSL_SESSION_free) or follow your project’s ownership conventions.
The example below shows a concise in-process client flow: capture the session after one connection, reuse it for a later connection, and free the session when done.
#include < wolfssl/options.h >
#include < wolfssl/ssl.h >
/* Capture a session after a successful handshake, reuse it, then free it. */
void reuse_session(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
{
WOLFSSL_SESSION* sess = NULL;
WOLFSSL* ssl2 = NULL;
/* Assume 'ssl' completed a successful handshake. Capture a new owned reference. */
sess = wolfSSL_get1_session(ssl);
if (sess == NULL) {
/* No resumable session available; proceed without reuse. */
return;
}
/* Create a new WOLFSSL object for a fresh connection. */
ssl2 = wolfSSL_new(ctx);
if (ssl2 == NULL) {
/* Allocation error. Release the session before returning. */
wolfSSL_SESSION_free(sess);
return;
}
/* Attach the captured session to the new connection before connect. */
if (wolfSSL_set_session(ssl2, sess) != WOLFSSL_SUCCESS) {
/* Session could not be attached; the new connection will perform a full handshake. */
}
/* Perform the connect/handshake on ssl2 (server may accept resumption). */
/* wolfSSL_connect(ssl2); ... */
/* Clean up the new WOLFSSL object. */
wolfSSL_free(ssl2);
/* Release the owned session reference when no longer needed. */
wolfSSL_SESSION_free(sess);
}
If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.
Download wolfSSL Now